Intrusion Prevention

Mozilla.Firefox.And.Sea.Monkey.Content.Injection.Spoofing

Description

This indicates an attack attempt to exploit a Content Injection Spoofing vulnerability in Mozilla products.
This issue is caused by an error in the vulnerable software when handling a web page with an invalid url that is passed to "document.location". It may allow remote attackers to execute arbitrary code by sending a crafted web page.

Affected Products

Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6
SeaMonkey before 2.0.1

Impact

Information Spoofing

Recommended Actions

Refer to the vendor's web site for suggested workaround.
http://www.mozilla.org/security/announce/2009/mfsa2009-69.html

CVE References

CVE-2009-3985