Signature Detail
Short Name |
HTTP:STC:MOZILLA:FIRE-FAVICON |
|---|---|
Severity |
Medium |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
Firefox Favicon JavaScript Execution |
Release Date |
2005/05/26 |
Update Number |
1213 |
Supported Platforms |
idp-4.0+, isg-3.1.134269+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
HTTP: Firefox Favicon JavaScript Execution
This signature detects attempts to exploit a known vulnerability in Firefox Web browsers. Firefox 1.0.2 and earlier versions are vulnerable. Attackers can create a malicious Web server that can execute arbitrary code within the context of Chrome (typically the user context).
Extended Description
A remote code-execution vulnerability affects Mozilla Suite and Mozilla Firefox because the applications fail to deny remote unauthorized access to trusted local interfaces. An attacker may be able to exploit this issue to execute arbitrary script code with the privileges of an unsuspecting user that activated the affected browser. This may facilitate the installation and execution of malicious applications on an affected computer. Note that this issue was previously reported in BID 13208 (Mozilla Suite Multiple Code Execution, Cross-Site Scripting, And Policy Bypass Vulnerabilities); it has been assigned its own BID.
Affected Products
- HP HP-UX B.11.00
- HP HP-UX B.11.11
- HP HP-UX B.11.22
- HP HP-UX B.11.23
- Mandriva Corporate Server 3.0.0
- Mandriva Corporate Server 3.0.0 X86 64
- Mandriva Linux Mandrake 10.1.0
- Mandriva Linux Mandrake 10.1.0 X86 64
- Mandriva Linux Mandrake 10.2.0
- Mandriva Linux Mandrake 10.2.0 X86 64
- Mozilla Browser 1.7.0
- Mozilla Browser 1.7.0 Alpha
- Mozilla Browser 1.7.0 Beta
- Mozilla Browser 1.7.0 Rc1
- Mozilla Browser 1.7.0 Rc2
- Mozilla Browser 1.7.0 Rc3
- Mozilla Browser 1.7.1
- Mozilla Browser 1.7.2
- Mozilla Browser 1.7.3
- Mozilla Browser 1.7.4
- Mozilla Browser 1.7.5
- Mozilla Browser 1.7.6
- Mozilla Firefox 0.10.0
- Mozilla Firefox 0.10.1
- Mozilla Firefox 0.8.0
- Mozilla Firefox 0.9.0
- Mozilla Firefox 0.9.0 Rc
- Mozilla Firefox 0.9.1
- Mozilla Firefox 0.9.2
- Mozilla Firefox 0.9.3
- Mozilla Firefox 1.0.0
- Mozilla Firefox 1.0.1
- Mozilla Firefox 1.0.2
- Netscape Navigator 7.0.0
- Netscape Navigator 7.0.2
- Netscape Navigator 7.1.0
- Netscape Navigator 7.2.0
- Netscape 7.0.0
- Netscape 7.1.0
- Netscape 7.2.0
- Red Hat Advanced Workstation for the Itanium Processor 2.1.0
- Red Hat Desktop 3.0.0
- Red Hat Enterprise Linux AS 2.1
- Red Hat Enterprise Linux AS 3
- Red Hat Enterprise Linux ES 2.1
- Red Hat Enterprise Linux ES 3
- Red Hat Enterprise Linux WS 2.1
- Red Hat Enterprise Linux WS 3
- Red Hat Fedora Core1
- Red Hat Fedora Core2
- Red Hat Linux 7.3.0
- Red Hat Linux 7.3.0 I386
- Red Hat Linux 7.3.0 I686
- Red Hat Linux 9.0.0 I386
- SCO Unixware 7.1.4
- SGI ProPack 3.0.0
- SuSE Linux Desktop 1.0.0
- SuSE Linux Personal 8.2.0
- SuSE Linux Personal 9.0.0
- SuSE Linux Personal 9.0.0 X86 64
- SuSE Linux Personal 9.1.0
- SuSE Linux Personal 9.1.0 X86 64
- SuSE Linux Personal 9.2.0
- SuSE Linux Personal 9.2.0 X86 64
- SuSE Linux Personal 9.3.0
- SuSE Novell Linux Desktop 9.0.0
- SuSE SUSE Linux Enterprise Server 8
- SuSE SUSE Linux Enterprise Server 9
- Ubuntu Ubuntu Linux 5.0.0 4 Amd64
- Ubuntu Ubuntu Linux 5.0.0 4 I386
- Ubuntu Ubuntu Linux 5.0.0 4 Powerpc
References