Juniper Networks
Solutions
Products & Services
Company
Partners
Support
Education

Signature Detail

Security Intelligence Center
Signatures
Print

Short Name

 HTTP:STC:MOZILLA:FIRESEARCH

Severity

 Low

Recommended

 No

Category

 HTTP

Keywords

 Firefox FireSearching

Release Date

 2005/09/01

Update Number

 1213

Supported Platforms

 idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+

HTTP: Firefox FireSearching


This signature detects the addition of a search engine containing JavaScript to the FireFox browser. It is possible to use this search engine as a spyware module to gather information about the user.

Extended Description

A remote code-execution vulnerability affects Mozilla Suite and Mozilla Firefox because the applications fail to validate access prior to executing remotely supplied scripts. An attacker may leverage this issue to execute arbitrary code in the context of a site that is being viewed by an unsuspecting user. If the web page being viewed is a privileged page, remote code execution is possible. This may facilitate cross-site scripting as well as a compromise of an affected computer. Note that this issue was previously reported in BID 13208 (Mozilla Suite Multiple Code Execution, Cross-Site Scripting, And Policy Bypass Vulnerabilities); it has been assigned its own BID.

Affected Products

  • HP HP-UX B.11.00
  • HP HP-UX B.11.11
  • HP HP-UX B.11.22
  • HP HP-UX B.11.23
  • Mandriva Corporate Server 3.0.0
  • Mandriva Corporate Server 3.0.0 X86 64
  • Mandriva Linux Mandrake 10.1.0
  • Mandriva Linux Mandrake 10.1.0 X86 64
  • Mandriva Linux Mandrake 10.2.0
  • Mandriva Linux Mandrake 10.2.0 X86 64
  • Mozilla Browser 1.7.0
  • Mozilla Browser 1.7.0 Alpha
  • Mozilla Browser 1.7.0 Beta
  • Mozilla Browser 1.7.0 Rc1
  • Mozilla Browser 1.7.0 Rc2
  • Mozilla Browser 1.7.0 Rc3
  • Mozilla Browser 1.7.1
  • Mozilla Browser 1.7.2
  • Mozilla Browser 1.7.3
  • Mozilla Browser 1.7.4
  • Mozilla Browser 1.7.5
  • Mozilla Browser 1.7.6
  • Mozilla Firefox 1.0.0
  • Mozilla Firefox 1.0.1
  • Mozilla Firefox 1.0.2
  • Netscape Navigator 7.0.0
  • Netscape Navigator 7.0.2
  • Netscape Navigator 7.1.0
  • Netscape Navigator 7.2.0
  • Netscape 7.0.0
  • Netscape 7.1.0
  • Netscape 7.2.0
  • Red Hat Advanced Workstation for the Itanium Processor 2.1.0
  • Red Hat Desktop 3.0.0
  • Red Hat Enterprise Linux AS 2.1
  • Red Hat Enterprise Linux AS 3
  • Red Hat Enterprise Linux ES 2.1
  • Red Hat Enterprise Linux ES 3
  • Red Hat Enterprise Linux WS 2.1
  • Red Hat Enterprise Linux WS 3
  • Red Hat Fedora Core1
  • Red Hat Fedora Core2
  • Red Hat Linux 7.3.0
  • Red Hat Linux 7.3.0 I386
  • Red Hat Linux 7.3.0 I686
  • Red Hat Linux 9.0.0 I386
  • SCO Unixware 7.1.4
  • SGI ProPack 3.0.0
  • SuSE Linux Desktop 1.0.0
  • SuSE Linux Personal 8.2.0
  • SuSE Linux Personal 9.0.0
  • SuSE Linux Personal 9.0.0 X86 64
  • SuSE Linux Personal 9.1.0
  • SuSE Linux Personal 9.1.0 X86 64
  • SuSE Linux Personal 9.2.0
  • SuSE Linux Personal 9.2.0 X86 64
  • SuSE Linux Personal 9.3.0
  • SuSE Novell Linux Desktop 9.0.0
  • SuSE SUSE Linux Enterprise Server 8
  • SuSE SUSE Linux Enterprise Server 9
  • Ubuntu Ubuntu Linux 5.0.0 4 Amd64
  • Ubuntu Ubuntu Linux 5.0.0 4 I386
  • Ubuntu Ubuntu Linux 5.0.0 4 Powerpc

References

  • BugTraq: 13211
  • CVE: CVE-2005-1156
  • URL: http://www.mikx.de/firesearching/

Site Map
RSS Feeds
Careers
Accessibility
Feedback
Privacy Policy
Legal Notices
Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.
Help
|
My Account
|
Log Out