This site is deprecated. Please
CLICK HERE for latest updates
Short Name |
HTTP:STC:ABOUT-JAVASCRIPT
|
Severity |
Major
|
Recommended |
No
|
Recommended Action |
Drop
|
Category |
HTTP
|
Keywords |
About Local Link Exploit (JS)
|
Release Date |
2010/09/09
|
Update Number |
1769
|
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+
|
HTTP: About Local Link Exploit (JS)
This signature detects attempts to exploit a known vulnerability in Web browsers that support the "about:" URI scheme within a script. Attackers can use this technique in combination with other browser exploits to elevate an attack into a trusted security zone (such as Local Computer).
Extended Description
Mozilla Browser/Firefox are prone to a potential arbitrary code-execution weakness.
Specifically, an attacker can load privileged 'chrome' pages from an unprivileged 'about:' page. This issue does not pose a threat unless it is combined with a same-origin violation issue.
If successfully exploited, this issue may allow a remote attacker to execute arbitrary code and gain unauthorized remote access to a computer. This would occur in the context of the user running the browser.
Affected Products
- Conectiva linux 10.0.0
- Debian linux 3.1.0
- Debian linux 3.1.0 Alpha
- Debian linux 3.1.0 Amd64
- Debian linux 3.1.0 Arm
- Debian linux 3.1.0 Hppa
- Debian linux 3.1.0 Ia-32
- Debian linux 3.1.0 Ia-64
- Debian linux 3.1.0 M68k
- Debian linux 3.1.0 Mips
- Debian linux 3.1.0 Mipsel
- Debian linux 3.1.0 Ppc
- Debian linux 3.1.0 S/390
- Debian linux 3.1.0 Sparc
- Gentoo linux
- Mandriva corporate_server 3.0.0
- Mandriva corporate_server 3.0.0 X86 64
- Mandriva linux_mandrake 10.1.0
- Mandriva linux_mandrake 10.1.0 X86 64
- Mandriva linux_mandrake 10.2.0
- Mandriva linux_mandrake 10.2.0 X86 64
- Mandriva linux_mandrake 2006.0.0
- Mandriva linux_mandrake 2006.0.0 X86 64
- Mozilla browser 1.6.0
- Mozilla browser 1.7.0
- Mozilla browser 1.7.0 Alpha
- Mozilla browser 1.7.0 Beta
- Mozilla browser 1.7.0 Rc1
- Mozilla browser 1.7.0 Rc2
- Mozilla browser 1.7.0 Rc3
- Mozilla browser 1.7.1
- Mozilla browser 1.7.11
- Mozilla browser 1.7.2
- Mozilla browser 1.7.3
- Mozilla browser 1.7.4
- Mozilla browser 1.7.5
- Mozilla browser 1.7.6
- Mozilla browser 1.7.7
- Mozilla browser 1.7.8
- Mozilla browser 1.7.9
- Mozilla firefox 1.0.0
- Mozilla firefox 1.0.1
- Mozilla firefox 1.0.2
- Mozilla firefox 1.0.3
- Mozilla firefox 1.0.4
- Mozilla firefox 1.0.5
- Mozilla firefox 1.0.6
- Mozilla thunderbird 1.0.0
- Mozilla thunderbird 1.0.1
- Mozilla thunderbird 1.0.2
- Mozilla thunderbird 1.0.5
- Mozilla thunderbird 1.0.6
- Netscape browser 8.0.3 .3
- Red_hat fedora Core1
- Red_hat fedora Core2
- Red_hat fedora Core3
- Red_hat fedora Core4
- Red_hat linux 7.3.0
- Red_hat linux 7.3.0 I386
- Red_hat linux 7.3.0 I686
- Red_hat linux 9.0.0 I386
- Sgi propack 3.0.0 SP6
- Slackware linux 10.0.0
- Slackware linux 10.1.0
- Slackware linux 10.2.0
- Slackware linux -Current
- Suse beagle 10.0.0
- Suse linux_desktop 1.0.0
- Suse linux_enterprise_server_for_s/390 9.0.0
- Suse linux_personal 10.0.0 OSS
- Suse linux_personal 9.0.0
- Suse linux_personal 9.0.0 X86 64
- Suse linux_personal 9.1.0
- Suse linux_personal 9.1.0 X86 64
- Suse linux_personal 9.2.0
- Suse linux_personal 9.2.0 X86 64
- Suse linux_personal 9.3.0
- Suse linux_personal 9.3.0 X86 64
- Suse linux_professional 10.0.0
- Suse linux_professional 10.0.0 OSS
- Suse linux_professional 9.0.0
- Suse linux_professional 9.0.0 X86 64
- Suse linux_professional 9.1.0
- Suse linux_professional 9.1.0 X86 64
- Suse linux_professional 9.2.0
- Suse linux_professional 9.2.0 X86 64
- Suse linux_professional 9.3.0
- Suse linux_professional 9.3.0 X86 64
- Suse novell_linux_desktop 9.0.0
- Suse suse_linux_enterprise_server 8
- Suse suse_linux_enterprise_server 9
- Turbolinux home
- Turbolinux multimedia
- Turbolinux personal
- Turbolinux turbolinux 10 F...
- Turbolinux turbolinux_desktop 10.0.0
- Turbolinux turbolinux_server 10.0.0
- Ubuntu ubuntu_linux 4.1.0 Ia32
- Ubuntu ubuntu_linux 4.1.0 Ia64
- Ubuntu ubuntu_linux 4.1.0 Ppc
- Ubuntu ubuntu_linux 5.0.0 4 Amd64
- Ubuntu ubuntu_linux 5.0.0 4 I386
- Ubuntu ubuntu_linux 5.0.0 4 Powerpc
References