HTTP: Microsoft Internet Explorer Javascript Page Update Race Condition
This signature detects attempts to exploit a known vulnerability against Microsoft Internet Explorer. A successful attack may results in sensitive information being disclosed to the attacker.
Extended Description
The browser is prone to a cross-domain information-disclosure vulnerability because scripts may persist across navigations. This vulnerability may let a malicious site interact with a site in an arbitrary external domain. Attackers could exploit this to gain access to sensitive information that is associated with the external domain. Other attacks may be possible, such as executing script code in other browser security zones. UPDATE: Reports indicate that Safari browser may also be vulnerable, but this has not been confirmed. UPDATE (June 6, 2007): The WebKit framework used by Safari is reported vulnerable. Builds 522 and later, which are associated with the nightly WebKit build, are vulnerable; other versions may also be affected.
Affected Products
Avaya messaging_application_server,Microsoft internet_explorer
Short Name
HTTP:STC:IE:PAGE-UPDATE-RACE
Severity
Minor
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
CVE-2007-3091 Condition Explorer Internet Javascript Microsoft Page Race Update bid:24283
Release Date
10/11/2010
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3339
False Positive
Unknown
Vendors
Webkit_open_source_project
Avaya
Microsoft
CVSS Score
7.1