Juniper Networks

Signature Detail

Short Name

HTTP:STC:MOZILLA:FIREFLASH

Severity

Medium

Recommended

No

Category

HTTP

Keywords

Mozilla FireFox Hidden Frame Overlay

Release Date

2005/02/10

Update Number

1213

Supported Platforms

idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+

HTTP: Mozilla FireFox Hidden Frame Overlay


This signature detects the download of a malicious Shockwave Flash file. When viewed in a Mozilla Firefox browser, the file displays the "about:config" page in an attempt to trick the client into modifying browser settings.

Extended Description

A remote configuration manipulation vulnerability affects Mozilla Firefox. This issue is due to a failure of the application to properly secure sensitive configuration scripts from being activated by remote attackers. An attacker may leverage this issue to alter an unsuspecting user's configuration settings; this may lead to a false sense of security as sensitive settings may be manipulated without the user's knowledge.

Affected Products

  • Gentoo Linux
  • Mozilla Browser 1.4.4
  • Mozilla Browser 1.7.5
  • Mozilla Firefox 0.10.0
  • Mozilla Firefox 0.10.1
  • Mozilla Firefox 0.8.0
  • Mozilla Firefox 0.9.0
  • Mozilla Firefox 0.9.0 Rc
  • Mozilla Firefox 0.9.1
  • Mozilla Firefox 0.9.2
  • Mozilla Firefox 0.9.3
  • Mozilla Firefox 1.0.0
  • Netscape 7.2.0
  • Red Hat Advanced Workstation for the Itanium Processor 2.1.0
  • Red Hat Advanced Workstation for the Itanium Processor 2.1.0 IA64
  • Red Hat Desktop 3.0.0
  • Red Hat Enterprise Linux AS 2.1
  • Red Hat Enterprise Linux AS 2.1 IA64
  • Red Hat Enterprise Linux AS 3
  • Red Hat Enterprise Linux ES 2.1
  • Red Hat Enterprise Linux ES 2.1 IA64
  • Red Hat Enterprise Linux ES 3
  • Red Hat Enterprise Linux WS 2.1
  • Red Hat Enterprise Linux WS 2.1 IA64
  • Red Hat Enterprise Linux WS 3
  • Red Hat Fedora Core1
  • Red Hat Fedora Core2
  • Red Hat Linux 7.3.0
  • Red Hat Linux 7.3.0 I386
  • Red Hat Linux 7.3.0 I686
  • Red Hat Linux 9.0.0 I386
  • SGI ProPack 3.0.0

References

  • CVE: CVE-2005-0232
  • URL: https://bugzilla.mozilla.org/show_bug.cgi?id=280664
  • URL: http://www.mikx.de/fireflashing/

Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.