Juniper Networks
Solutions
Products & Services
Company
Partners
Support
Education

Signature Detail

Security Intelligence Center
Signatures
Print

Short Name

 HTTP:STC:MOZILLA:IFRAME-STYLE

Severity

 High

Recommended

 No

Recommended Action

 Drop

Category

 HTTP

Keywords

 Mozilla Firefox IFRAME Style Change Handling Code Execution

Release Date

 2010/09/28

Update Number

 1780

Supported Platforms

 idp-4.0+, isg-3.1.134269+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+

HTTP: Mozilla Firefox IFRAME Style Change Handling Code Execution


This signature detects attempts to exploit a known vulnerability against Mozilla Firefox. A successful attack can lead to arbitrary code execution.

Extended Description

The Mozilla Foundation has released multiple security advisories specifying various vulnerabilities in Firefox 2.0.0.12 and prior versions. Exploiting these issues can allow attackers to: - steal authentication credentials - obtain potentially sensitive information - violate the same-origin policy - execute scripts with elevated privileges - cause denial-of-service conditions - potentially execute arbitrary code - perform cross-site request-forgery attacks Other attacks are possible. These issues are present in Firefox 2.0.0.12 and prior versions. Many of these issues are present in Mozilla Thunderbird 2.0.0.12 and prior versions as well as SeaMonkey 1.1.8 and prior versions. UPDATE: Versions of Mozilla Thunderbird prior to 2.0.0.14 are affected by issues described in MFSA 2008-14 and MFSA 2008-15.

Affected Products

  • Avaya Intuity AUDIX LX 2.0
  • Avaya Message Networking 3.1
  • Avaya Message Networking MN 3.1
  • Avaya Message Networking
  • Avaya Messaging Storage Server 1.0
  • Avaya Messaging Storage Server 2.0
  • Avaya Messaging Storage Server 3.1
  • Avaya Messaging Storage Server MM3.0
  • Avaya Messaging Storage Server
  • Debian Iceape 1.0.10
  • Debian Iceape 1.0.11
  • Debian Iceape 1.1.1
  • Debian Icedove
  • Debian Iceweasel
  • Debian Linux 4.0
  • Debian Linux 4.0 Alpha
  • Debian Linux 4.0 Amd64
  • Debian Linux 4.0 Arm
  • Debian Linux 4.0 Hppa
  • Debian Linux 4.0 Ia-32
  • Debian Linux 4.0 Ia-64
  • Debian Linux 4.0 M68k
  • Debian Linux 4.0 Mips
  • Debian Linux 4.0 Mipsel
  • Debian Linux 4.0 Powerpc
  • Debian Linux 4.0 S/390
  • Debian Linux 4.0 Sparc
  • Debian Xulrunner
  • Gentoo Linux
  • Mandriva Corporate Server 3.0.0
  • Mandriva Corporate Server 3.0.0 X86 64
  • Mandriva Corporate Server 4.0
  • Mandriva Corporate Server 4.0.0 X86 64
  • Mandriva Linux Mandrake 2007.1
  • Mandriva Linux Mandrake 2007.1 X86 64
  • Mandriva Linux Mandrake 2008.0
  • Mandriva Linux Mandrake 2008.0 X86 64
  • Mandriva Linux Mandrake 2008.1
  • Mandriva Linux Mandrake 2008.1 X86 64
  • Mozilla Firefox 2.0
  • Mozilla Firefox 2.0.0.1
  • Mozilla Firefox 2.0.0.10
  • Mozilla Firefox 2.0.0.11
  • Mozilla Firefox 2.0.0.12
  • Mozilla Firefox 2.0.0.2
  • Mozilla Firefox 2.0.0.3
  • Mozilla Firefox 2.0.0.4
  • Mozilla Firefox 2.0.0.5
  • Mozilla Firefox 2.0.0.6
  • Mozilla Firefox 2.0.0.7
  • Mozilla Firefox 2.0.0.8
  • Mozilla Firefox 2.0.0.9
  • Mozilla Firefox 2.0 Beta 1
  • Mozilla Firefox 2.0 RC2
  • Mozilla Firefox 2.0 RC3
  • Mozilla SeaMonkey 1.1.1
  • Mozilla SeaMonkey 1.1.2
  • Mozilla SeaMonkey 1.1.3
  • Mozilla SeaMonkey 1.1.4
  • Mozilla SeaMonkey 1.1.5
  • Mozilla SeaMonkey 1.1.6
  • Mozilla SeaMonkey 1.1.7
  • Mozilla SeaMonkey 1.1.8
  • Mozilla Thunderbird 2.0.0.12
  • Mozilla Thunderbird 2.0.0.4
  • Mozilla Thunderbird 2.0.0.5
  • Mozilla Thunderbird 2.0.0.6
  • Mozilla Thunderbird 2.0.0.8
  • Mozilla Thunderbird 2.0.0.9
  • Red Hat Desktop 3.0.0
  • Red Hat Desktop 4.0.0
  • Red Hat Enterprise Linux 5 Server
  • Red Hat Enterprise Linux Desktop Version 4
  • Red Hat Enterprise Linux AS 2.1
  • Red Hat Enterprise Linux AS 3
  • Red Hat Enterprise Linux AS 4
  • Red Hat Enterprise Linux Desktop 5 Client
  • Red Hat Enterprise Linux Desktop Workstation 5 Client
  • Red Hat Enterprise Linux ES 2.1
  • Red Hat Enterprise Linux ES 3
  • Red Hat Enterprise Linux ES 4
  • Red Hat Enterprise Linux Optional Productivity Application 5 Server
  • Red Hat Enterprise Linux WS 2.1
  • Red Hat Enterprise Linux WS 3
  • Red Hat Enterprise Linux WS 4
  • Red Hat Fedora 7
  • Red Hat Fedora 8
  • Red Hat Linux Advanced Workstation 2.1 for the Ita 2.1.0 IA64
  • rPath rPath Linux 1
  • Slackware Linux 10.2.0
  • Slackware Linux 11.0
  • Slackware Linux 12.0
  • Slackware Linux 12.1
  • Slackware Linux -Current
  • Sun OpenSolaris Build Snv 89
  • Sun Solaris 10 Sparc
  • Sun Solaris 10 X86
  • SuSE Linux 10.1 Ppc
  • SuSE Linux 10.1 X86
  • SuSE Linux 10.1 X86-64
  • SuSE Novell Linux Desktop 9.0.0
  • SuSE openSUSE 10.2
  • SuSE openSUSE 10.3
  • SuSE SUSE Linux Enterprise Desktop 10 SP1
  • SuSE SUSE Linux Enterprise Server 10
  • SuSE SUSE Linux Enterprise Server 10 SP1
  • Ubuntu Ubuntu Linux 6.06 LTS Amd64
  • Ubuntu Ubuntu Linux 6.06 LTS I386
  • Ubuntu Ubuntu Linux 6.06 LTS Powerpc
  • Ubuntu Ubuntu Linux 6.06 LTS Sparc
  • Ubuntu Ubuntu Linux 6.10 Amd64
  • Ubuntu Ubuntu Linux 6.10 I386
  • Ubuntu Ubuntu Linux 6.10 Powerpc
  • Ubuntu Ubuntu Linux 6.10 Sparc
  • Ubuntu Ubuntu Linux 7.04 Amd64
  • Ubuntu Ubuntu Linux 7.04 I386
  • Ubuntu Ubuntu Linux 7.04 Powerpc
  • Ubuntu Ubuntu Linux 7.04 Sparc
  • Ubuntu Ubuntu Linux 7.10 Amd64
  • Ubuntu Ubuntu Linux 7.10 I386
  • Ubuntu Ubuntu Linux 7.10 Lpia
  • Ubuntu Ubuntu Linux 7.10 Powerpc
  • Ubuntu Ubuntu Linux 7.10 Sparc
  • Ubuntu Ubuntu Linux 8.04 LTS Amd64
  • Ubuntu Ubuntu Linux 8.04 LTS I386
  • Ubuntu Ubuntu Linux 8.04 LTS Lpia
  • Ubuntu Ubuntu Linux 8.04 LTS Powerpc
  • Ubuntu Ubuntu Linux 8.04 LTS Sparc

References

  • BugTraq: 28448
  • CVE: CVE-2008-1236

Site Map
RSS Feeds
Careers
Accessibility
Feedback
Privacy Policy
Legal Notices
Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.
Help
|
My Account
|
Log Out