Signature Detail
Short Name |
HTTP:STC:MOZILLA:SIDEBAR |
|---|---|
Severity |
Medium |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
Mozilla Sidebar |
Release Date |
2005/06/21 |
Update Number |
1213 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
HTTP: Mozilla Sidebar
This signature detects HTTP sessions that open a sidebar in a Mozilla-based browser. Mozilla Firefox 1.01 and earlier do not apply security policies to sidebars. Malicious Web servers can exploit existing browser vulnerabilities with the user's permission level.
Extended Description
Mozilla Firefox is prone to a vulnerability that could allow remote code execution. This may occur if a malicious Web page is bookmarked as a sidebar panel. The malicious page may then reportedly open a privileged page and inject JavaScript. This may be leveraged to execute arbitrary code as the victim client user.
Affected Products
- Gentoo Linux
- Mozilla Firefox 0.8.0
- Mozilla Firefox 0.9.0
- Mozilla Firefox 0.9.0 Rc
- Mozilla Firefox 0.9.1
- Mozilla Firefox 0.9.2
- Mozilla Firefox 0.9.3
- Mozilla Firefox 1.0.0
- Mozilla Firefox 1.0.1
- Netscape 7.0.0
- Netscape 7.1.0
- Netscape 7.2.0
References