Think you have a false positive on this rule?

Sid 1-40888

Message

BROWSER-FIREFOX Mozilla Firefox ESR NotifyTimeChange use after free attempt

Summary

This event is generated when an attacker attempts to exploit a use after free vulnerability affecting Mozilla Firefox.

Impact

Attempted User Privilege Gain

Detailed information

This rule checks for an attempt to trigger a use after free vulnerability in Firefox's handling of SVG animations.

Affected systems

  • Mozilla Firefox versions < 50.0.2
  • Mozilla Thunderbird versions <= 45.4
  • Tor Browser < 6.0.7

Ease of attack

Simple; exploits are publicly-available

False positives

None Known

False negatives

None Known

Corrective action

Implement vendor-supplied patches

Contributors

  • Cisco's Talos Intelligence Group

Additional References

  • www.mozilla.org/en-US/security/advisories/mfsa2016-92/