Juniper Networks
Solutions
Products & Services
Company
Partners
Support
Education

Signature Detail

Security Intelligence Center
Signatures
Print

Short Name

 HTTP:STC:MOZILLA:PLUGIN-ACL

Severity

 High

Recommended

 Yes

Recommended Action

 Drop

Category

 HTTP

Keywords

 Mozilla Firefox Plugin Access Control Vulnerability

Release Date

 2005/03/22

Update Number

 1213

Supported Platforms

 idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+

HTTP: Mozilla Firefox Plugin Access Control Vulnerability


This signature detects attempts to download a maliciously crafted HTML document containing JavaScript code. This code is designed to trick the Mozilla Firefox Web browser into executing arbitrary code in the wrong context.

Extended Description

Reportedly a remote code execution vulnerability affects Mozilla Firefox. This issue is due to a failure of the application to properly restrict the access rights of Web content. An attacker may leverage this issue to compromise security of the affected browser; by exploiting this issue along with others (BIDs 12465 and 12466) it is possible to execute arbitrary code. It should be noted that although only version 1.0 is reported vulnerable, other versions may be vulnerable as well.

Affected Products

  • Gentoo Linux
  • HP HP-UX B.11.00
  • HP HP-UX B.11.11
  • HP HP-UX B.11.22
  • HP HP-UX B.11.23
  • Mandriva Corporate Server 3.0.0
  • Mandriva Corporate Server 3.0.0 X86 64
  • Mandriva Linux Mandrake 10.1.0
  • Mandriva Linux Mandrake 10.1.0 X86 64
  • Mandriva Linux Mandrake 10.2.0
  • Mandriva Linux Mandrake 10.2.0 X86 64
  • Mozilla Browser 1.7.0
  • Mozilla Browser 1.7.1
  • Mozilla Browser 1.7.2
  • Mozilla Browser 1.7.3
  • Mozilla Browser 1.7.4
  • Mozilla Browser 1.7.5
  • Mozilla Firefox 1.0.0
  • Netscape 7.0.0
  • Netscape 7.1.0
  • Netscape 7.2.0
  • Red Hat Advanced Workstation for the Itanium Processor 2.1.0
  • Red Hat Advanced Workstation for the Itanium Processor 2.1.0 IA64
  • Red Hat Desktop 3.0.0
  • Red Hat Enterprise Linux AS 2.1
  • Red Hat Enterprise Linux AS 2.1 IA64
  • Red Hat Enterprise Linux AS 3
  • Red Hat Enterprise Linux ES 2.1
  • Red Hat Enterprise Linux ES 2.1 IA64
  • Red Hat Enterprise Linux ES 3
  • Red Hat Enterprise Linux WS 2.1
  • Red Hat Enterprise Linux WS 2.1 IA64
  • Red Hat Enterprise Linux WS 3
  • Red Hat Fedora Core1
  • Red Hat Fedora Core2
  • Red Hat Linux 7.3.0
  • Red Hat Linux 7.3.0 I386
  • Red Hat Linux 7.3.0 I686
  • Red Hat Linux 9.0.0 I386
  • SGI ProPack 3.0.0

References

  • BugTraq: 12655
  • CVE: CVE-2005-0527
  • URL: http://www.mozilla.org/security/announce/mfsa2005-27.html
  • URL: http://securitytracker.com/alerts/2005/Feb/1013301.html

Site Map
RSS Feeds
Careers
Accessibility
Feedback
Privacy Policy
Legal Notices
Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.
Help
|
My Account
|
Log Out