Juniper Networks

Signature Detail


  • Short Name: HTTP:STC:MOZILLA:WRAPPED-JAVA
  • Severity: Medium
  • Recommended: No
  • Category: HTTP
  • Keywords: Firefox Wrapped Javascript
  • Release Date: 2005/05/26
  • Update Number: 1213
  • Supported Platforms: idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+

HTTP: Firefox Wrapped Javascript


This signature detects attempts to exploit a known vulnerability in the Firefox Web browser. Attackers can create a malicious Web page that contains wrapped JavaScript; when the page is viewed in the browser, the JavaScript can execute arbitrary code within the context of the Web browser.

Extended Description

Multiple issues in Mozilla Suite and Firefox allow attackers to bypass security checks in the script security manager. Security checks in the script security manager are designed to prevent script-injection vulnerabilities. An attacker sending certain undisclosed JavaScript in 'view-source:' and 'jar:' pseudo-protocol URIs may bypass these security checks. An undisclosed nested URI, as well as a variant of BID 13216, can reportedly also bypass security checks. Exploiting these vulnerabilities allows remote attackers to run script code with elevated privileges, leading to the installation and execution of malicious applications on an affected computer. Cross-site scripting and other attacks are also likely possible. The vendor has not provided enough information to determine how many specific instances of the issue were addressed, and has not clarified whether or not they have addressed a single general vulnerability or multiple specific vulnerabilities. This BID may be split into separate issues as more information is disclosed. Further details are scheduled to be released in the future. This BID will be updated at that time.

Affected Products

  • HP Secure Web Browser for OpenVMS Alpha 1.7.0 -7
  • Mozilla Browser 0.8.0
  • Mozilla Browser 0.9.2
  • Mozilla Browser 0.9.2 .1
  • Mozilla Browser 0.9.3
  • Mozilla Browser 0.9.35
  • Mozilla Browser 0.9.4
  • Mozilla Browser 0.9.4 .1
  • Mozilla Browser 0.9.48
  • Mozilla Browser 0.9.5
  • Mozilla Browser 0.9.6
  • Mozilla Browser 0.9.7
  • Mozilla Browser 0.9.8
  • Mozilla Browser 0.9.9
  • Mozilla Browser 1.0.0
  • Mozilla Browser 1.0.0 RC1
  • Mozilla Browser 1.0.0 RC2
  • Mozilla Browser 1.0.1
  • Mozilla Browser 1.0.2
  • Mozilla Browser 1.1.0
  • Mozilla Browser 1.1.0 Alpha
  • Mozilla Browser 1.1.0 Beta
  • Mozilla Browser 1.2.0
  • Mozilla Browser 1.2.0 Alpha
  • Mozilla Browser 1.2.0 Beta
  • Mozilla Browser 1.2.1
  • Mozilla Browser 1.3.0
  • Mozilla Browser 1.3.1
  • Mozilla Browser 1.4.0
  • Mozilla Browser 1.4.0 A
  • Mozilla Browser 1.4.0 B
  • Mozilla Browser 1.4.1
  • Mozilla Browser 1.4.2
  • Mozilla Browser 1.4.4
  • Mozilla Browser 1.5.0
  • Mozilla Browser 1.5.1
  • Mozilla Browser 1.6.0
  • Mozilla Browser 1.7.0
  • Mozilla Browser 1.7.0 Alpha
  • Mozilla Browser 1.7.0 Beta
  • Mozilla Browser 1.7.0 Rc1
  • Mozilla Browser 1.7.0 Rc2
  • Mozilla Browser 1.7.0 Rc3
  • Mozilla Browser 1.7.1
  • Mozilla Browser 1.7.2
  • Mozilla Browser 1.7.3
  • Mozilla Browser 1.7.4
  • Mozilla Browser 1.7.5
  • Mozilla Browser 1.7.6
  • Mozilla Browser 1.7.7
  • Mozilla Browser M15
  • Mozilla Browser M16
  • Mozilla Firebird 0.5.0
  • Mozilla Firebird 0.6.1
  • Mozilla Firebird 0.7.0
  • Mozilla Firefox 0.10.0
  • Mozilla Firefox 0.10.1
  • Mozilla Firefox 0.8.0
  • Mozilla Firefox 0.9.0
  • Mozilla Firefox 0.9.0 Rc
  • Mozilla Firefox 0.9.1
  • Mozilla Firefox 0.9.2
  • Mozilla Firefox 0.9.3
  • Mozilla Firefox 1.0.0
  • Mozilla Firefox 1.0.1
  • Mozilla Firefox 1.0.2
  • Mozilla Firefox 1.0.3
  • Mozilla Firefox Preview Release
  • Netscape 7.0.0
  • Netscape 7.1.0
  • Netscape 7.2.0
  • Netscape 8.0.0
  • Red Hat Advanced Workstation for the Itanium Processor 2.1.0
  • Red Hat Advanced Workstation for the Itanium Processor 2.1.0 IA64
  • Red Hat Desktop 3.0.0
  • Red Hat Desktop 4.0.0
  • Red Hat Enterprise Linux Desktop Version 4
  • Red Hat Enterprise Linux AS 2.1
  • Red Hat Enterprise Linux AS 2.1 IA64
  • Red Hat Enterprise Linux AS 3
  • Red Hat Enterprise Linux AS 4
  • Red Hat Enterprise Linux ES 2.1
  • Red Hat Enterprise Linux ES 2.1 IA64
  • Red Hat Enterprise Linux ES 3
  • Red Hat Enterprise Linux ES 4
  • Red Hat Enterprise Linux WS 2.1
  • Red Hat Enterprise Linux WS 2.1 IA64
  • Red Hat Enterprise Linux WS 3
  • Red Hat Enterprise Linux WS 4
  • SCO Unixware 7.1.4
  • SGI Advanced Linux Environment 3.0.0
  • SGI ProPack 3.0.0
  • SuSE Linux Personal 9.0.0
  • SuSE Linux Personal 9.0.0 X86 64
  • SuSE Linux Personal 9.1.0
  • SuSE Linux Personal 9.1.0 X86 64
  • SuSE Linux Personal 9.2.0
  • SuSE Linux Personal 9.2.0 X86 64
  • SuSE Linux Personal 9.3.0
  • SuSE Novell Linux Desktop 9.0.0
  • SuSE SUSE Linux Enterprise Server 9
  • Ubuntu Ubuntu Linux 4.1.0 Ia32
  • Ubuntu Ubuntu Linux 4.1.0 Ia64
  • Ubuntu Ubuntu Linux 4.1.0 Ppc
  • Ubuntu Ubuntu Linux 5.0.0 4 Amd64
  • Ubuntu Ubuntu Linux 5.0.0 4 I386
  • Ubuntu Ubuntu Linux 5.0.0 4 Powerpc

References

  • BugTraq: 13641
  • CVE: CVE-2005-1531
  • URL: http://www.mozilla.org/security/announce/mfsa2005-43.html
  • URL: http://www.frsirt.com/english/advisories/2005/0530
  • URL: http://securitytracker.com/id?1013962

Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.