Mozilla Firefox CVE-2013-1689 Denial of Service Vulnerability

Description

Mozilla Firefox is prone to a denial-of-service vulnerability. An attacker can exploit this issue to cause the application to crash, denying service to legitimate users. This issue is fixed in: Firefox 22

Technologies Affected

• Mozilla Firefox 10.0
• Mozilla Firefox 10.0.1
• Mozilla Firefox 10.0.2
• Mozilla Firefox 11.0
• Mozilla Firefox 12.0
• Mozilla Firefox 13.0
• Mozilla Firefox 14
• Mozilla Firefox 14.0
• Mozilla Firefox 14.01
• Mozilla Firefox 15
• Mozilla Firefox 15.0.1
• Mozilla Firefox 16
• Mozilla Firefox 16.0.1
• Mozilla Firefox 16.0.2
• Mozilla Firefox 17.0
• Mozilla Firefox 17.0.1
• Mozilla Firefox 18.0
• Mozilla Firefox 19.0
• Mozilla Firefox 19.0.2
• Mozilla Firefox 20.0
• Mozilla Firefox 20.0.1
• Mozilla Firefox 20.0a1
• Mozilla Firefox 21.0

Recommendations

Block external access at the network boundary, unless external parties require service.
If global access isn’t needed, block access at the network perimeter to computers running the vulnerable application

Run all software as a nonprivileged user with minimal access rights.
Run all non-administrative software as a non-administrative user with the least amount of privileges required to successfully operate. This will greatly reduce the potential damage that successful exploitation may achieve.

Deploy network intrusion detection systems to monitor network traffic for malicious activity.
Deploy NIDS to monitor network traffic for signs of anomalous or suspicious activity such as unexplained incoming and outgoing traffic. This may indicate exploit attempts or activity that results from successful exploits.

Updates are available. Please see the references or vendor advisory for more information.