HTTP: Mozilla Firefox XUL Browser Interface Spoofing

This signature detects an attempt to download a Mozilla Firefox XML User Interface Language (XUL) file. Opening a malicious .xul file can allow arbitrary code execution, leading to system compromise. This vulnerability is present in Firefox versions prior to version 0.9. Note that there are legitimate uses for this file type, so not every match of this signature is an actual attack.

Extended Description

Mozilla Firefox is reported prone to an interface spoofing vulnerability. The issue arises because JavaScript code is allowed to hide the Mozilla Firefox interface and status bar by default. A fake Mozilla Firefox interface may be created using the XML User Interface Language API, and this interface may aid in phishing-style attacks. This misrepresentation may fool a user into trusting a malicious site, which would likely ask the user to submit sensitive or private information.

Affected Products

Suse linux_desktop

Short Name
HTTP:EXT:DOT-XUL
Severity
Warning
Recommended
False
Recommended Action
None
Category
HTTP
Keywords
Browser CVE-2004-0764 Firefox Interface Mozilla Spoofing XUL bid:10832
Release Date
02/15/2005
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3375
False Positive
Unknown
Vendors

Red_hat

Sco

Conectiva

Suse

Mozilla

Sgi

CVSS Score

10.0
