Juniper Networks
Solutions
Products & Services
Company
Partners
Support
Education

Signature Detail

Security Intelligence Center
Signatures
Print

Short Name

 HTTP:STC:MOZILLA:SSL-ICON

Severity

 Info

Recommended

 No

Category

 HTTP

Keywords

 SSL Icon Spoofing

Release Date

 2005/03/22

Update Number

 1213

Supported Platforms

 idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+

HTTP: SSL Icon Spoofing


This signature detects the SSL icon in an insecure (HTTP) Web page. Attackers can create an insecure Web page that displays the SSL "lock" icon from a previous secure state; this icon can make phony login Web sites appear more authentic, possibly tricking users into entering sensitive information.

Extended Description

Mozilla, Firefox, and Thunderbird applications are reported prone to multiple vulnerabilities. The following specific issues are reported: - Access-control bypass (Mozilla and Firefox browsers). Although unconfirmed, this vulnerability presumably may be exploited to access information pertaining to a target filesystem. For example, an attacker may be able to determine whether a file exists or not. This vulnerability is reported to affect Mozilla Firefox versions prior to 1.0 and Mozilla Suite versions prior to 1.7.5. - Status-bar misrepresentation (Mozilla and Firefox browsers). A remote attacker may exploit this vulnerability to aid in phishing-style attacks (e.g. to make a malicious site appear authentic). This vulnerability is reported to affect Mozilla Firefox versions prior to 1.0 and Mozilla Suite versions prior to 1.7.5. - Additional status-bar misrepresentation (Mozilla and Firefox browsers). Using JavaScript to automate the process, a remote attacker may exploit this vulnerability to aid in phishing-style attacks (e.g. to make a malicious site appear authentic). This vulnerability is reported to affect Mozilla Firefox versions prior to 1.0 and Mozilla Suite versions prior to 1.7.5. - Mozilla and Firefox browsers provide functionality (Alt-Click) to download files that are linked by URIs to the default download location without requiring a user prompt. Reports indicate that a malicious site may exploit this functionality to download a file to the default download location without user interaction. This vulnerability is reported to affect Mozilla Firefox versions prior to 1.0. - Clipboard information-disclosure vulnerability (Mozilla and Firefox browsers). A remote attacker may exploit this vulnerability to steal clipboard contents, which may reveal potentially sensitive information to a remote attacker. This vulnerability is reported to affect Mozilla Firefox versions prior to 1.0 and Mozilla Suite versions prior to 1.7.5. - Additional information-disclosure vulnerability (Mozilla and Firefox browsers). A remote malicious server may invoke a request against a vulnerable browser and the browser will respond with proxy-authentication credentials. This vulnerability is reported to affect Mozilla Firefox versions prior to 1.0 and Mozilla Suite versions prior to 1.7.5. - Mozilla Thunderbird erroneously responds to cookie requests that are contained in HTML-based email. Reportedly, a remote attacker may exploit this vulnerability to track emails to victim users. This vulnerability is reported to affect Thunderbird versions 0.6 to 0.9 and Mozilla Suite 1.7 to 1.7.3. - Local code-execution vulnerability (Mozilla Firefox). The vulnerability exists in the Livefeed bookmark functionality. If, for example, 'about:config' is displayed when the Livefeed is updated, then arbitrary code execution may reportedly occur on the affected computer. This vulnerability is reported to affect Mozilla Firefox versions prior to 1.0. - Mozilla Thunderbird reportedly fails to handle 'javascript:' URI links. The affected application employs the default handler for 'javascript:' URIs that is registered on the host operating system. This is incorrect behavior and may result in exposure to latent vulnerabilities due to a false sense of security. This vulnerability is reported to affect Mozilla Thunderbird versions prior to 0.9. This BID will be separated into individual BIDs as soon as further research into each of the vulnerabilities is completed.

Affected Products

  • HP HP-UX B.11.00
  • HP HP-UX B.11.11
  • HP HP-UX B.11.22
  • HP HP-UX B.11.23
  • Mandriva Corporate Server 3.0.0
  • Mandriva Corporate Server 3.0.0 X86 64
  • Mandriva Linux Mandrake 10.1.0
  • Mandriva Linux Mandrake 10.1.0 X86 64
  • Mandriva Linux Mandrake 10.2.0
  • Mandriva Linux Mandrake 10.2.0 X86 64
  • Mozilla Browser 0.8.0
  • Mozilla Browser 0.9.2
  • Mozilla Browser 0.9.2 .1
  • Mozilla Browser 0.9.3
  • Mozilla Browser 0.9.35
  • Mozilla Browser 0.9.4
  • Mozilla Browser 0.9.4 .1
  • Mozilla Browser 0.9.48
  • Mozilla Browser 0.9.5
  • Mozilla Browser 0.9.6
  • Mozilla Browser 0.9.7
  • Mozilla Browser 0.9.8
  • Mozilla Browser 0.9.9
  • Mozilla Browser 1.0.0
  • Mozilla Browser 1.0.0 RC1
  • Mozilla Browser 1.0.0 RC2
  • Mozilla Browser 1.0.1
  • Mozilla Browser 1.0.2
  • Mozilla Browser 1.1.0
  • Mozilla Browser 1.1.0 Alpha
  • Mozilla Browser 1.1.0 Beta
  • Mozilla Browser 1.2.0
  • Mozilla Browser 1.2.0 Alpha
  • Mozilla Browser 1.2.0 Beta
  • Mozilla Browser 1.2.1
  • Mozilla Browser 1.3.0
  • Mozilla Browser 1.3.1
  • Mozilla Browser 1.4.0
  • Mozilla Browser 1.4.0 A
  • Mozilla Browser 1.4.0 B
  • Mozilla Browser 1.4.1
  • Mozilla Browser 1.4.2
  • Mozilla Browser 1.4.4
  • Mozilla Browser 1.5.0
  • Mozilla Browser 1.5.1
  • Mozilla Browser 1.6.0
  • Mozilla Browser 1.7.0
  • Mozilla Browser 1.7.0 Alpha
  • Mozilla Browser 1.7.0 Beta
  • Mozilla Browser 1.7.0 Rc1
  • Mozilla Browser 1.7.0 Rc2
  • Mozilla Browser 1.7.0 Rc3
  • Mozilla Browser 1.7.1
  • Mozilla Browser 1.7.2
  • Mozilla Browser 1.7.3
  • Mozilla Browser 1.7.4
  • Mozilla Browser 1.7.6
  • Mozilla Firebird 0.5.0
  • Mozilla Firebird 0.6.1
  • Mozilla Firebird 0.7.0
  • Mozilla Firefox 0.10.0
  • Mozilla Firefox 0.10.1
  • Mozilla Firefox 0.8.0
  • Mozilla Firefox 0.9.0
  • Mozilla Firefox 0.9.0 Rc
  • Mozilla Firefox 0.9.1
  • Mozilla Firefox 0.9.2
  • Mozilla Firefox 0.9.3
  • Mozilla Firefox Preview Release
  • Mozilla Thunderbird 0.6.0
  • Mozilla Thunderbird 0.7.0
  • Mozilla Thunderbird 0.7.1
  • Mozilla Thunderbird 0.7.2
  • Mozilla Thunderbird 0.7.3
  • Mozilla Thunderbird 0.8.0
  • Mozilla Thunderbird 0.9.0
  • Netscape 7.0.0
  • Netscape 7.1.0
  • Netscape 7.2.0
  • Red Hat Advanced Workstation for the Itanium Processor 2.1.0
  • Red Hat Advanced Workstation for the Itanium Processor 2.1.0 IA64
  • Red Hat Desktop 3.0.0
  • Red Hat Enterprise Linux AS 2.1
  • Red Hat Enterprise Linux AS 2.1 IA64
  • Red Hat Enterprise Linux AS 3
  • Red Hat Enterprise Linux ES 2.1
  • Red Hat Enterprise Linux ES 2.1 IA64
  • Red Hat Enterprise Linux ES 3
  • Red Hat Enterprise Linux WS 2.1
  • Red Hat Enterprise Linux WS 2.1 IA64
  • Red Hat Enterprise Linux WS 3
  • Red Hat Fedora Core1
  • Red Hat Fedora Core2
  • Red Hat Fedora Core3
  • Red Hat Linux 7.3.0
  • Red Hat Linux 7.3.0 I386
  • Red Hat Linux 7.3.0 I686
  • Red Hat Linux 9.0.0 I386
  • SGI ProPack 3.0.0
  • SuSE Linux Personal 10.0.0 OSS
  • SuSE Linux Personal 9.1.0
  • SuSE Linux Personal 9.1.0 X86 64
  • SuSE Linux Personal 9.2.0
  • SuSE Linux Personal 9.2.0 X86 64
  • SuSE Linux Personal 9.3.0
  • SuSE Linux Personal 9.3.0 X86 64
  • SuSE Linux Professional 10.0.0
  • SuSE Linux Professional 10.0.0 OSS
  • SuSE Linux Professional 9.1.0
  • SuSE Linux Professional 9.1.0 X86 64
  • SuSE Linux Professional 9.2.0
  • SuSE Linux Professional 9.2.0 X86 64
  • SuSE Linux Professional 9.3.0
  • SuSE Linux Professional 9.3.0 X86 64

References

  • BugTraq: 12407
  • CVE: CVE-2005-0144
  • URL: http://xforce.iss.net/xforce/xfdb/19169
  • URL: http://www.mozilla.org/security/announce/mfsa2005-04.html

Site Map
RSS Feeds
Careers
Accessibility
Feedback
Privacy Policy
Legal Notices
Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.
Help
|
My Account
|
Log Out