Juniper Networks
Solutions
Products & Services
Company
Partners
Support
Education

Signature Detail

Security Intelligence Center
Signatures
Print

Short Name

 HTTP:STC:IE:TITLE-BAR-URI

Severity

 Medium

Recommended

 Yes

Recommended Action

 Drop

Category

 HTTP

Keywords

 URI in Popup Title Bar

Release Date

 2005/02/25

Update Number

 1213

Supported Platforms

 idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+

HTTP: URI in Popup Title Bar


This signature detects attempts to exploit a known vulnerability in Microsoft Internet Explorer. When the content of an HTML title tag contains scheme content (such as "http://"), IE displays the content text in the title bar. Attackers can create a malicious Web page that contains script-initiated pop-up windows. When viewed in IE, the Web page generates a pop-up window that mimics a trusted site, potentially tricking users into entering sensitive information in the pop-up window.

Extended Description

Internet Explorer is reported prone to a pop-up window title bar spoofing weakness. The weakness is reported to exist due to a flaw that manifests in script-initiated pop-up windows. This issue may be leveraged by an attacker to display false URI information in the title bar of an Internet Explorer pop-up dialog window. This may facilitate phishing style attacks; other attacks may also be possible.

Affected Products

  • Microsoft Internet Explorer 6.0
  • Microsoft Internet Explorer 6.0 SP1

References

  • BugTraq: 12602
  • CVE: CVE-2005-0500

Site Map
RSS Feeds
Careers
Accessibility
Feedback
Privacy Policy
Legal Notices
Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.
Help
|
My Account
|
Log Out