HTTP: Mozilla Firefox DATA URI File Deletion
This signature detects attempts to exploit a known vulnerability in Mozilla Firefox. Attackers can craft a malicious Web site that deletes arbitrary files on the client computer when the client views the maliciously crafted Web site in Mozilla Firefox.
Extended Description
It is reported that Mozilla Firefox is susceptible to a file deletion vulnerability. This vulnerability allows attackers that can lure unsuspecting users to view malicious HTML or script code to cause the recursive deletion of the victim users configured download directory. They can achieve this by crafting malicious web pages containing either HTML or script code that utilizes the 'data:' URI scheme. This vulnerability is reported to exist in Mozilla Firefox in versions prior to 0.10.1.
Affected Products
Mozilla firefox
Short Name
HTTP:BROWSER:FIREFOX-DATA-URI
Severity
Major
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
CVE-2004-2225 DATA Deletion File Firefox Mozilla URI bid:11311
Release Date
12/17/2012
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3375
False Positive
Unknown
Vendors
Mozilla
CVSS Score
5.0