Short Name | HTTP:EXT:DOT-XUL
Severity | Warning
Recommended | No
Category | HTTP
Keywords | Mozilla Firefox XUL Browser Interface Spoofing
Release Date | 2005/02/15
Update Number | 1213
Supported Platforms | idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+
HTTP: Mozilla Firefox XUL Browser Interface Spoofing
This signature detects an attempt to download a Mozilla Firefox XML User Interface Language (XUL) file. Opening a malicious .xul file can allow arbitrary code execution, leading to system compromise. This vulnerability is present in Firefox versions prior to version 0.9. There are legitimate uses for this file type, so not every match on this signature is an actual attack.
Extended Description
Mozilla Firefox is reported prone to an interface spoofing vulnerability. The issue arises because JavaScript code is allowed by default to hide the Mozilla Firefox interface and status bar. A fake Mozilla Firefox interface may then be created using the XML User Interface Language API, and this interface may aid phishing-style attacks.
This misrepresentation may fool a user into trusting a malicious site, which would likely ask the user to submit sensitive or private information.
Affected Products
- Conectiva linux 10.0.0
- Conectiva linux 9.0.0
- Mozilla browser 1.0.0
- Mozilla browser 1.0.0 RC1
- Mozilla browser 1.0.0 RC2
- Mozilla browser 1.0.1
- Mozilla browser 1.0.2
- Mozilla browser 1.1.0
- Mozilla browser 1.1.0 Alpha
- Mozilla browser 1.1.0 Beta
- Mozilla browser 1.2.0
- Mozilla browser 1.2.0 Alpha
- Mozilla browser 1.2.0 Beta
- Mozilla browser 1.2.1
- Mozilla browser 1.3.0
- Mozilla browser 1.3.1
- Mozilla browser 1.4.0
- Mozilla browser 1.4.0 A
- Mozilla browser 1.4.0 B
- Mozilla browser 1.4.1
- Mozilla browser 1.4.2
- Mozilla browser 1.5.0
- Mozilla browser 1.6.0
- Mozilla browser 1.7.0
- Mozilla browser 1.7.0 Rc3
- Mozilla browser 1.7.1
- Mozilla firefox 0.10.0
- Mozilla firefox 0.10.1
- Mozilla firefox 0.8.0
- Mozilla firefox 0.9.0
- Mozilla firefox 0.9.0 Rc
- Mozilla firefox 0.9.1
- Mozilla firefox 0.9.2
- Mozilla firefox 0.9.3
- Mozilla firefox 1.0.0
- Mozilla firefox Preview Release
- Mozilla thunderbird 0.7.0
- Red_hat fedora Core1
- Red_hat linux 7.3.0
- Red_hat linux 7.3.0 I386
- Red_hat linux 7.3.0 I686
- Red_hat linux 9.0.0 I386
- Sco unixware 7.1.4
- Sgi advanced_linux_environment 3.0.0
- Suse linux 8.1.0
- Suse linux_desktop 1.0.0
- Suse linux_personal 8.2.0
- Suse linux_personal 9.0.0
- Suse linux_personal 9.0.0 X86 64
- Suse linux_personal 9.1.0
- Suse suse_linux_enterprise_server 8
- Suse suse_linux_enterprise_server 9