HTTP: Firefox FireSearching
This signature detects the addition of a search engine containing JavaScript to the FireFox browser. It is possible to use this search engine as a spyware module to gather information about the user.
Extended Description
A remote code-execution vulnerability affects Mozilla Suite and Mozilla Firefox because the applications fail to validate access prior to executing remotely supplied scripts. An attacker may leverage this issue to execute arbitrary code in the context of a site that is being viewed by an unsuspecting user. If the web page being viewed is a privileged page, remote code execution is possible. This may facilitate cross-site scripting as well as a compromise of an affected computer. Note that this issue was previously reported in BID 13208 (Mozilla Suite Multiple Code Execution, Cross-Site Scripting, And Policy Bypass Vulnerabilities); it has been assigned its own BID.
Affected Products
Suse linux_desktop
Short Name
HTTP:STC:MOZILLA:FIRESEARCH
Severity
Warning
Recommended
False
Recommended Action
None
Category
HTTP
Keywords
CVE-2005-1156 FireSearching Firefox bid:13211
Release Date
09/01/2005
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3336
False Positive
Unknown
Vendors
Red_hat
Sco
Suse
Hp
Mozilla
Sgi
Ubuntu
Mandriva
Netscape
CVSS Score
7.5