Juniper Networks
Solutions
Products & Services
Company
Partners
Support
Education

Signature Detail

Security Intelligence Center
Signatures
Print

Short Name

 HTTP:STC:MOZILLA:MAL-SVG-INDEX

Severity

 High

Recommended

 No

Recommended Action

 Drop

Category

 HTTP

Keywords

 Firefox Malformed SVG Index Parameter

Release Date

 2008/04/01

Update Number

 1213

Supported Platforms

 idp-4.0+, isg-3.1.134269+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+

HTTP: Firefox Malformed SVG Index Parameter


This signature detects attempts to exploit a known vulnerability in Mozilla Firefox. An attacker can create a Web site with Web pages containing dangerous SVG calls, which if accessed by a victim, allows the attacker to gain control of the victim's client browser.

Extended Description

The Mozilla Foundation has released six security advisories specifying vulnerabilities in Firefox, SeaMonkey, and Thunderbird. These vulnerabilities allow attackers to: - Execute arbitrary code - Cause denial-of-service conditions - Perform cross-site scripting attacks - Obtain potentially sensitive information - Spoof legitimate content Other attacks may also be possible.

Affected Products

  • Avaya Interactive Response 2.0
  • Avaya Interactive Response 3.0
  • Avaya Messaging Storage Server MM3.0
  • Debian Iceape 1.1.1
  • Debian Icedove
  • Debian Iceweasel
  • Debian Linux 4.0
  • Debian Linux 4.0 Alpha
  • Debian Linux 4.0 Amd64
  • Debian Linux 4.0 Arm
  • Debian Linux 4.0 Hppa
  • Debian Linux 4.0 Ia-32
  • Debian Linux 4.0 Ia-64
  • Debian Linux 4.0 M68k
  • Debian Linux 4.0 Mips
  • Debian Linux 4.0 Mipsel
  • Debian Linux 4.0 Powerpc
  • Debian Linux 4.0 S/390
  • Debian Linux 4.0 Sparc
  • Debian Xulrunner
  • Foresight Linux 1.1
  • Gentoo mail-client/mozilla-thunderbird 2.0.0.3
  • Gentoo mail-client/mozilla-thunderbird-bin 2.0.0.3
  • Gentoo net-libs/xulrunner 1.8.1.3
  • Gentoo www-client/mozilla-firefox 2.0.0.3
  • Gentoo www-client/mozilla-firefox-bin 2.0.0.3
  • Gentoo www-client/seamonkey 1.0.7
  • Gentoo www-client/seamonkey-bin 1.0.7
  • HP HP-UX B.11.11
  • HP HP-UX B.11.23
  • HP HP-UX B.11.31
  • Mandriva Corporate Server 3.0.0
  • Mandriva Corporate Server 3.0.0 X86 64
  • Mandriva Linux Mandrake 2007.0
  • Mandriva Linux Mandrake 2007.0 X86 64
  • Mandriva Linux Mandrake 2007.1
  • Mandriva Linux Mandrake 2007.1 X86 64
  • Mozilla Camino 0.7.0 .0
  • Mozilla Camino 0.8.0
  • Mozilla Camino 0.8.3
  • Mozilla Camino 0.8.4
  • Mozilla Camino 1.0
  • Mozilla Camino 1.0.1
  • Mozilla Camino 1.0.2
  • Mozilla Camino 1.0.3
  • Mozilla Camino 1.5
  • Mozilla Firefox 1.0.0
  • Mozilla Firefox 1.0.1
  • Mozilla Firefox 1.0.2
  • Mozilla Firefox 1.0.3
  • Mozilla Firefox 1.0.4
  • Mozilla Firefox 1.0.5
  • Mozilla Firefox 1.0.6
  • Mozilla Firefox 1.0.7
  • Mozilla Firefox 1.0.8
  • Mozilla Firefox 1.5.0
  • Mozilla Firefox 1.5.0.1
  • Mozilla Firefox 1.5.0.10
  • Mozilla Firefox 1.5.0.11
  • Mozilla Firefox 1.5.0.2
  • Mozilla Firefox 1.5.0.3
  • Mozilla Firefox 1.5.0.4
  • Mozilla Firefox 1.5.0.5
  • Mozilla Firefox 1.5.0.6
  • Mozilla Firefox 1.5.0.7
  • Mozilla Firefox 1.5.0.8
  • Mozilla Firefox 1.5.0.9
  • Mozilla Firefox 1.5.0 Beta 1
  • Mozilla Firefox 1.5.0 Beta 2
  • Mozilla Firefox 2.0
  • Mozilla Firefox 2.0.0.1
  • Mozilla Firefox 2.0.0.2
  • Mozilla Firefox 2.0.0.3
  • Mozilla Firefox 2.0 Beta 1
  • Mozilla Firefox 2.0 RC2
  • Mozilla Firefox 2.0 RC3
  • Mozilla SeaMonkey 1.0
  • Mozilla SeaMonkey 1.0.1
  • Mozilla SeaMonkey 1.0.2
  • Mozilla SeaMonkey 1.0.3
  • Mozilla SeaMonkey 1.0.5
  • Mozilla SeaMonkey 1.0.6
  • Mozilla SeaMonkey 1.0.7
  • Mozilla SeaMonkey 1.0.8
  • Mozilla SeaMonkey 1.0.99
  • Mozilla SeaMonkey 1.0 Dev
  • Mozilla SeaMonkey 1.1.1
  • Mozilla SeaMonkey 1.1 Beta
  • Mozilla Thunderbird 1.0.0
  • Mozilla Thunderbird 1.0.1
  • Mozilla Thunderbird 1.0.2
  • Mozilla Thunderbird 1.0.5
  • Mozilla Thunderbird 1.0.6
  • Mozilla Thunderbird 1.0.7
  • Mozilla Thunderbird 1.0.8
  • Mozilla Thunderbird 1.5.0
  • Mozilla Thunderbird 1.5.0.1
  • Mozilla Thunderbird 1.5.0.10
  • Mozilla Thunderbird 1.5.0.2
  • Mozilla Thunderbird 1.5.0.4
  • Mozilla Thunderbird 1.5.0.5
  • Mozilla Thunderbird 1.5.0.7
  • Mozilla Thunderbird 1.5.0.8
  • Mozilla Thunderbird 1.5.0.9
  • Mozilla Thunderbird 1.5.0 Beta 2
  • Red Hat Advanced Workstation for the Itanium Processor 2.1.0
  • Red Hat Enterprise Linux 5 Server
  • Red Hat Enterprise Linux Desktop Version 4
  • Red Hat Enterprise Linux AS 2.1
  • Red Hat Enterprise Linux AS 2.1 IA64
  • Red Hat Enterprise Linux AS 3
  • Red Hat Enterprise Linux AS 4
  • Red Hat Enterprise Linux Desktop 5 Client
  • Red Hat Enterprise Linux Desktop Workstation 5 Client
  • Red Hat Enterprise Linux ES 2.1
  • Red Hat Enterprise Linux ES 2.1 IA64
  • Red Hat Enterprise Linux ES 3
  • Red Hat Enterprise Linux ES 4
  • Red Hat Enterprise Linux Optional Productivity Application 5 Server
  • Red Hat Enterprise Linux WS 2.1
  • Red Hat Enterprise Linux WS 2.1 IA64
  • Red Hat Enterprise Linux WS 3
  • Red Hat Enterprise Linux WS 4
  • Red Hat Fedora 7
  • rPath rPath Linux 1
  • SGI ProPack 3.0.0 SP6
  • Slackware Linux 10.2.0
  • Slackware Linux 11.0
  • Slackware Linux -Current
  • Sun Solaris 10 X86
  • Sun Solaris 8 Sparc
  • Sun Solaris 8 X86
  • Sun Solaris 9 Sparc
  • Sun Solaris 9 X86
  • SuSE Linux 10.0 Ppc
  • SuSE Linux 10.0 X86
  • SuSE Linux 10.0 X86-64
  • SuSE Linux 10.1 Ppc
  • SuSE Linux 10.1 X86
  • SuSE Linux 10.1 X86-64
  • SuSE Linux Personal 10.0.0 OSS
  • SuSE Linux Personal 10.1
  • SuSE Linux Personal 10.2
  • SuSE Linux Personal 10.2 X86 64
  • SuSE Linux Professional 10.0.0
  • SuSE Linux Professional 10.0.0 OSS
  • SuSE Linux Professional 10.1
  • SuSE Linux Professional 10.2
  • SuSE Linux Professional 10.2 X86 64
  • SuSE Novell Linux Desktop 9.0.0
  • SuSE Novell Linux POS 9
  • SuSE openSUSE 10.2
  • SuSE SUSE Linux Enterprise Desktop 10 SP1
  • SuSE SUSE Linux Enterprise Server 10 SP1
  • SuSE SUSE Linux Enterprise Server 8
  • SuSE SuSE Linux Openexchange Server 4.0.0
  • SuSE SUSE LINUX Retail Solution 8.0.0
  • SuSE SuSE Linux School Server for i386
  • SuSE SuSE Linux Standard Server 8.0.0
  • SuSE UnitedLinux 1.0.0
  • Ubuntu Ubuntu Linux 6.06 LTS Amd64
  • Ubuntu Ubuntu Linux 6.06 LTS I386
  • Ubuntu Ubuntu Linux 6.06 LTS Powerpc
  • Ubuntu Ubuntu Linux 6.06 LTS Sparc
  • Ubuntu Ubuntu Linux 6.10 Amd64
  • Ubuntu Ubuntu Linux 6.10 I386
  • Ubuntu Ubuntu Linux 6.10 Powerpc
  • Ubuntu Ubuntu Linux 6.10 Sparc
  • Ubuntu Ubuntu Linux 7.04 Amd64
  • Ubuntu Ubuntu Linux 7.04 I386
  • Ubuntu Ubuntu Linux 7.04 Powerpc
  • Ubuntu Ubuntu Linux 7.04 Sparc

References

  • BugTraq: 24242
  • CVE: CVE-2007-2867
  • URL: http://www.mozilla.org/security/announce/2007/mfsa2007-12.html

Site Map
RSS Feeds
Careers
Accessibility
Feedback
Privacy Policy
Legal Notices
Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.
Help
|
My Account
|
Log Out