Signature Detail
Short Name |
HTTP:BROWSER:FIREFOX-DATA-URI |
|---|---|
Severity |
High |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
Mozilla Firefox DATA URI File Deletion |
Release Date |
2012/12/16 |
Update Number |
2211 |
Supported Platforms |
idp-4.0+, isg-3.1.134269+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
HTTP: Mozilla Firefox DATA URI File Deletion
This signature detects attempts to exploit a known vulnerability in Mozilla Firefox. Attackers can craft a malicious Web site that deletes arbitrary files on the client computer when the client views the maliciously crafted Web site in Mozilla Firefox.
Extended Description
It is reported that Mozilla Firefox is susceptible to a file deletion vulnerability. This vulnerability allows attackers that can lure unsuspecting users to view malicious HTML or script code to cause the recursive deletion of the victim users configured download directory. They can achieve this by crafting malicious web pages containing either HTML or script code that utilizes the 'data:' URI scheme. This vulnerability is reported to exist in Mozilla Firefox in versions prior to 0.10.1.
Affected Products
- Mozilla Firefox 0.10.0
- Mozilla Firefox 0.8.0
- Mozilla Firefox 0.9.0
- Mozilla Firefox 0.9.0 Rc
- Mozilla Firefox 0.9.1
- Mozilla Firefox 0.9.2
- Mozilla Firefox 0.9.3
- Mozilla Firefox Preview Release
References
- BugTraq: 11311
- CVE: CVE-2004-2225