Juniper Networks
Solutions
Products & Services
Company
Partners
Support
Education

Signature Detail

Security Intelligence Center
Signatures
Print

Short Name

 SMTP:MAL:FIREFOX-HTML-URL-INJ

Severity

 Medium

Recommended

 No

Category

 SMTP

Keywords

 Firefox HTML URL Injection

Release Date

 2006/02/22

Update Number

 1213

Supported Platforms

 idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+

SMTP: Firefox HTML URL Injection


This signature detects e-mails containing a command injection in an HTML URL. A remote attacker could craft a URL designed to execute arbitrary shell commands. Successful exploitation enables the attacker to execute arbitrary shell commands with user permissions.

Extended Description

Mozilla Browser/Firefox are affected by an arbitrary command-execution vulnerability. This attack would occur in the context of the user running the vulnerable application and may facilitate unauthorized remote access. Mozilla Firefox 1.0.6 running on UNIX-based platforms is reportedly vulnerable. Other versions and applications employing Firefox functionality may be vulnerable as well. Mozilla Browser 1.7.x versions and Thunderbird 1.x versions are also vulnerable to this issue.

Affected Products

  • Conectiva Linux 10.0.0
  • Debian Linux 3.1.0
  • Debian Linux 3.1.0 Alpha
  • Debian Linux 3.1.0 Amd64
  • Debian Linux 3.1.0 Arm
  • Debian Linux 3.1.0 Hppa
  • Debian Linux 3.1.0 Ia-32
  • Debian Linux 3.1.0 Ia-64
  • Debian Linux 3.1.0 M68k
  • Debian Linux 3.1.0 Mips
  • Debian Linux 3.1.0 Mipsel
  • Debian Linux 3.1.0 Ppc
  • Debian Linux 3.1.0 S/390
  • Debian Linux 3.1.0 Sparc
  • Mandriva Linux Mandrake 10.2.0
  • Mandriva Linux Mandrake 10.2.0 X86 64
  • Mandriva Linux Mandrake 2006.0.0
  • Mandriva Linux Mandrake 2006.0.0 X86 64
  • Mozilla Browser 1.7.0
  • Mozilla Browser 1.7.0 Alpha
  • Mozilla Browser 1.7.0 Beta
  • Mozilla Browser 1.7.0 Rc1
  • Mozilla Browser 1.7.0 Rc2
  • Mozilla Browser 1.7.0 Rc3
  • Mozilla Browser 1.7.1
  • Mozilla Browser 1.7.11
  • Mozilla Browser 1.7.2
  • Mozilla Browser 1.7.3
  • Mozilla Browser 1.7.4
  • Mozilla Browser 1.7.5
  • Mozilla Browser 1.7.6
  • Mozilla Browser 1.7.7
  • Mozilla Browser 1.7.8
  • Mozilla Browser 1.7.9
  • Mozilla Firefox 1.0.2
  • Mozilla Firefox 1.0.6
  • Mozilla Thunderbird 1.0.0
  • Mozilla Thunderbird 1.0.1
  • Mozilla Thunderbird 1.0.2
  • Mozilla Thunderbird 1.0.5
  • Mozilla Thunderbird 1.0.6
  • Red Hat Fedora Core3
  • Red Hat Fedora Core4
  • SGI ProPack 3.0.0 SP6
  • Slackware Linux 10.0.0
  • Slackware Linux 10.1.0
  • Slackware Linux 10.2.0
  • Slackware Linux -Current
  • Turbolinux Home
  • Turbolinux Multimedia
  • Turbolinux Personal
  • Turbolinux 10 F...
  • Turbolinux Turbolinux Desktop 10.0.0
  • Turbolinux Turbolinux Server 10.0.0
  • Ubuntu Ubuntu Linux 4.1.0 Ia32
  • Ubuntu Ubuntu Linux 4.1.0 Ia64
  • Ubuntu Ubuntu Linux 4.1.0 Ppc
  • Ubuntu Ubuntu Linux 5.0.0 4 Amd64
  • Ubuntu Ubuntu Linux 5.0.0 4 I386
  • Ubuntu Ubuntu Linux 5.0.0 4 Powerpc

References

  • BugTraq: 14888
  • CVE: CVE-2005-2968

Site Map
RSS Feeds
Careers
Accessibility
Feedback
Privacy Policy
Legal Notices
Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.
Help
|
My Account
|
Log Out