Juniper Networks
Solutions
Products & Services
Company
Partners
Support
Education

Signature Detail

Security Intelligence Center
Signatures
Print

Short Name

 HTTP:STC:MOZILLA:FF-WYCIWYG

Severity

 Medium

Recommended

 No

Recommended Action

 Drop

Category

 HTTP

Keywords

 Firefox WYCIWYG URI Cache Zone Bypass

Release Date

 2007/11/07

Update Number

 1213

Supported Platforms

 idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+

HTTP: Firefox WYCIWYG URI Cache Zone Bypass


This signature detects attempts to exploit a known vulnerability in Mozilla FireFox. An attacker can create a malicious Web page containing dangerous URI's, which if accessed by a victim, allows the attacker to gain control of the victim's client browser.

Extended Description

Mozilla Firefox is prone to a cache-zone-bypass vulnerability because the application fails to properly block remote access to special internally generated URIs containing cached data. Exploiting this issue allows remote attackers to access potentially sensitive information and to place markers with similar functionality to cookies onto targeted users' computers, regardless of cookie security settings. Information harvested in successful exploits may aid in further attacks. Attackers may also potentially exploit this issue to perform cache-poisoning or URL-spoofing attacks. This issue is being tracked by Mozilla's Bugzilla Bug 387333.

Affected Products

  • Avaya Messaging Storage Server MM3.0
  • Debian Iceweasel
  • Debian Linux 4.0
  • Debian Linux 4.0 Alpha
  • Debian Linux 4.0 Amd64
  • Debian Linux 4.0 Arm
  • Debian Linux 4.0 Hppa
  • Debian Linux 4.0 Ia-32
  • Debian Linux 4.0 Ia-64
  • Debian Linux 4.0 M68k
  • Debian Linux 4.0 Mips
  • Debian Linux 4.0 Mipsel
  • Debian Linux 4.0 Powerpc
  • Debian Linux 4.0 S/390
  • Debian Linux 4.0 Sparc
  • Debian Xulrunner
  • Foresight Linux 1.1
  • Gentoo Linux
  • HP HP-UX B.11.11
  • HP HP-UX B.11.23
  • Iceape Internet Suite 1.0.10
  • Mandriva Corporate Server 3.0.0
  • Mandriva Corporate Server 3.0.0 X86 64
  • Mandriva Corporate Server 4.0
  • Mandriva Corporate Server 4.0.0 X86 64
  • Mandriva Linux Mandrake 2007.0
  • Mandriva Linux Mandrake 2007.0 X86 64
  • Mandriva Linux Mandrake 2007.1
  • Mandriva Linux Mandrake 2007.1 X86 64
  • Mozilla Camino 1.0
  • Mozilla Camino 1.0.1
  • Mozilla Camino 1.0.2
  • Mozilla Camino 1.0.3
  • Mozilla Camino 1.5
  • Mozilla Firefox 0.10.0
  • Mozilla Firefox 0.10.1
  • Mozilla Firefox 0.8.0
  • Mozilla Firefox 0.9.0
  • Mozilla Firefox 0.9.0 Rc
  • Mozilla Firefox 0.9.1
  • Mozilla Firefox 0.9.2
  • Mozilla Firefox 0.9.3
  • Mozilla Firefox 1.0.0
  • Mozilla Firefox 1.0.1
  • Mozilla Firefox 1.0.2
  • Mozilla Firefox 1.0.3
  • Mozilla Firefox 1.0.4
  • Mozilla Firefox 1.0.5
  • Mozilla Firefox 1.0.6
  • Mozilla Firefox 1.0.7
  • Mozilla Firefox 1.0.8
  • Mozilla Firefox 1.5.0
  • Mozilla Firefox 1.5.0.1
  • Mozilla Firefox 1.5.0.10
  • Mozilla Firefox 1.5.0.11
  • Mozilla Firefox 1.5.0 12
  • Mozilla Firefox 1.5.0.2
  • Mozilla Firefox 1.5.0.3
  • Mozilla Firefox 1.5.0.4
  • Mozilla Firefox 1.5.0.5
  • Mozilla Firefox 1.5.0.6
  • Mozilla Firefox 1.5.0.7
  • Mozilla Firefox 1.5.0.8
  • Mozilla Firefox 1.5.0.9
  • Mozilla Firefox 1.5.0 Beta 1
  • Mozilla Firefox 1.5.0 Beta 2
  • Mozilla Firefox 2.0
  • Mozilla Firefox 2.0.0.1
  • Mozilla Firefox 2.0.0.2
  • Mozilla Firefox 2.0.0.3
  • Mozilla Firefox 2.0.0.4
  • Mozilla Firefox 2.0 Beta 1
  • Mozilla Firefox 2.0 RC2
  • Mozilla Firefox 2.0 RC3
  • Mozilla XULRunner 1.8.1.3
  • Red Hat Desktop 4.0.0
  • Red Hat Enterprise Linux 5 Server
  • Red Hat Enterprise Linux AS 4
  • Red Hat Enterprise Linux Desktop 5 Client
  • Red Hat Enterprise Linux Desktop Workstation 5 Client
  • Red Hat Enterprise Linux ES 4
  • Red Hat Enterprise Linux WS 4
  • rPath rPath Linux 1
  • SGI ProPack 3.0.0 SP6
  • Slackware Linux 11.0
  • Slackware Linux 12.0
  • Sun Solaris 10 X86
  • SuSE Linux 10.0 Ppc
  • SuSE Linux 10.0 X86
  • SuSE Linux 10.0 X86-64
  • SuSE Linux 10.1 Ppc
  • SuSE Linux 10.1 X86
  • SuSE Linux 10.1 X86-64
  • SuSE Linux Desktop 10
  • SuSE Linux Personal 10.0.0 OSS
  • SuSE Linux Personal 10.1
  • SuSE Linux Professional 10.0.0
  • SuSE Linux Professional 10.0.0 OSS
  • SuSE Linux Professional 10.1
  • SuSE Novell Linux Desktop 9.0.0
  • SuSE Novell Linux POS 9
  • SuSE Open-Enterprise-Server
  • SuSE openSUSE 10.2
  • SuSE SUSE Linux Enterprise Desktop 10
  • SuSE SUSE Linux Enterprise Desktop 10 SP1
  • SuSE SUSE Linux Enterprise Server 10
  • SuSE SUSE Linux Enterprise Server 10 SP1
  • SuSE SUSE Linux Enterprise Server 8
  • SuSE SuSE Linux Openexchange Server 4.0.0
  • SuSE SUSE LINUX Retail Solution 8.0.0
  • SuSE SuSE Linux School Server for i386
  • SuSE SuSE Linux Standard Server 8.0.0
  • SuSE UnitedLinux 1.0.0
  • Ubuntu Ubuntu Linux 6.06 LTS Amd64
  • Ubuntu Ubuntu Linux 6.06 LTS I386
  • Ubuntu Ubuntu Linux 6.06 LTS Powerpc
  • Ubuntu Ubuntu Linux 6.06 LTS Sparc
  • Ubuntu Ubuntu Linux 6.10 Amd64
  • Ubuntu Ubuntu Linux 6.10 I386
  • Ubuntu Ubuntu Linux 6.10 Powerpc
  • Ubuntu Ubuntu Linux 6.10 Sparc
  • Ubuntu Ubuntu Linux 7.04 Amd64
  • Ubuntu Ubuntu Linux 7.04 I386
  • Ubuntu Ubuntu Linux 7.04 Powerpc
  • Ubuntu Ubuntu Linux 7.04 Sparc

References

  • BugTraq: 24831
  • CVE: CVE-2007-3656
  • URL: https://bugzilla.mozilla.org/show_bug.cgi?id=387333
  • URL: http://lcamtuf.coredump.cx/ffcache/

Site Map
RSS Feeds
Careers
Accessibility
Feedback
Privacy Policy
Legal Notices
Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.
Help
|
My Account
|
Log Out