Juniper Networks
Solutions
Products & Services
Company
Partners
Support
Education

Signature Detail

Security Intelligence Center
Signatures
Print

Short Name

 HTTP:STC:ON-BEFORE-UNLOAD

Severity

 High

Recommended

 No

Recommended Action

 Drop

Category

 HTTP

Keywords

 Microsoft Internet Explorer OnBeforeUnload JavaScript Address Bar Spoofing

Release Date

 2010/10/13

Update Number

 1791

Supported Platforms

 idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+

HTTP: Microsoft Internet Explorer OnBeforeUnload JavaScript Address Bar Spoofing


This signature detects attempts to exploit a known address bar spoofing vulnerability in Microsoft Internet Explorer. It is due to improper resource handling when the user navigates through address bar to a trusted site. An attacker can exploit this by constructing a specially crafted Web page to spoof the legitimate site. In a successful exploit, the victim believes he had left a Web page (after entering an address in the address bar) and the address bar implies that too, but in reality, Internet Explorer is prevented from doing so and it continues to display assorted content originating from the attacker.

Extended Description

Microsoft Internet Explorer is prone to a vulnerability that allows attackers to trap users at a particular webpage and spoof page transitions. Attackers may exploit this via a malicious page to spoof the contents and origin of a page that the victim may trust. This vulnerability may be useful in phishing or other attacks that rely on content spoofing. Internet Explorer 7 is vulnerable to this issue; other versions may also be affected.

Affected Products

  • HP Storage Management Appliance 2.1
  • HP Storage Management Appliance I
  • HP Storage Management Appliance II
  • HP Storage Management Appliance III
  • Microsoft Internet Explorer 5.0.1
  • Microsoft Internet Explorer 5.0.1 SP1
  • Microsoft Internet Explorer 5.0.1 SP2
  • Microsoft Internet Explorer 5.0.1 SP3
  • Microsoft Internet Explorer 5.0.1 SP4
  • Microsoft Internet Explorer 6.0
  • Microsoft Internet Explorer 6.0 SP1
  • Microsoft Internet Explorer 7.0
  • Nortel Networks CallPilot 1002Rp
  • Nortel Networks CallPilot 200I
  • Nortel Networks CallPilot 201I
  • Nortel Networks CallPilot 702T
  • Nortel Networks CallPilot 703T
  • Nortel Networks Centrex IP Client Manager 7.0.0
  • Nortel Networks Centrex IP Client Manager 8.0.0
  • Nortel Networks Centrex IP Client Manager 9.0
  • Nortel Networks Centrex IP Element Manager 7.0.0
  • Nortel Networks Centrex IP Element Manager 8.0.0
  • Nortel Networks Centrex IP Element Manager 9.0.0
  • Nortel Networks Contact Center
  • Nortel Networks Contact Center Administration
  • Nortel Networks Contact Center Express
  • Nortel Networks Contact Center Manager
  • Nortel Networks Contact Center Manager Server

References

  • BugTraq: 24911
  • CVE: CVE-2007-3826

Site Map
RSS Feeds
Careers
Accessibility
Feedback
Privacy Policy
Legal Notices
Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.
Help
|
My Account
|
Log Out