HTTP: Firefox Favicon JavaScript Execution

This signature detects attempts to exploit a known vulnerability in the Firefox web browser. Firefox 1.0.2 and earlier versions are vulnerable. Attackers can set up a malicious web server that causes arbitrary code to execute within the browser's chrome context (typically the user context).

Extended Description

A remote code-execution vulnerability affects Mozilla Suite and Mozilla Firefox because the applications fail to deny unauthorized remote access to trusted local interfaces. An attacker may be able to exploit this issue to execute arbitrary script code with the privileges of an unsuspecting user who activated the affected browser. This may facilitate the installation and execution of malicious applications on an affected computer. Note that this issue was previously reported in BID 13208 (Mozilla Suite Multiple Code Execution, Cross-Site Scripting, And Policy Bypass Vulnerabilities); it has since been assigned its own BID.

Affected Products

Suse linux_desktop

Short Name
HTTP:STC:MOZILLA:FIRE-FAVICON
Severity
Minor
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
CVE-2005-1155 Execution Favicon Firefox JavaScript bid:13216
Release Date
05/26/2005
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3375
False Positive
Unknown
Vendors

Red_hat

Sco

Suse

Hp

Mozilla

Sgi

Ubuntu

Mandriva

Netscape

CVSS Score

7.5
