HTTP: Multiple Browsers CSS Status Bar Spoof

This signature detects attempts to exploit known flaws in several common HTTP browsers, including Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and Apple Safari. Attackers can craft a web page using Cascading Style Sheets (CSS) to include links that indicate via the Status Bar that clicking on them would take you to one site, but instead take you to a different site. Attackers can use this to enhance the credibility of phishing attacks to entice a user to go to what they think is a trusted site but is instead a malicious site.

Extended Description

Microsoft Internet Explorer is prone to a weakness that may allow an attacker to obfuscate a malicious link. Successful exploits of this issue will cause the status bar to display spoofed content that may aid in further attacks. Microsoft Internet Explorer 9 is vulnerable; other versions may also be affected.

Affected Products

Microsoft internet_explorer

References

BugTraq: 47549 47547 47548

URL: http://xeyeteam.appspot.com/2011/04/15/IE-Chrome-Firefox-Status-Bar-Spoofing-Vulnerability.html http://www.microsoft.com/windows/ie/default.mspx

Short Name

HTTP:STC:CSS-STATUS-BAR-SPOOF

Severity

Minor

Recommended

False

Recommended Action

Drop

HTTP: Multiple Browsers CSS Status Bar Spoof

Extended Description

Affected Products

References

Found a potential security threat?