HTTP: Mozilla Firefox IFRAME Style Change Handling Code Execution
This signature detects attempts to exploit a known vulnerability against Mozilla Firefox. A successful attack can lead to arbitrary code execution.
Extended Description
The Mozilla Foundation has released multiple security advisories specifying various vulnerabilities in Firefox 2.0.0.12 and prior versions. Exploiting these issues can allow attackers to: - steal authentication credentials - obtain potentially sensitive information - violate the same-origin policy - execute scripts with elevated privileges - cause denial-of-service conditions - potentially execute arbitrary code - perform cross-site request-forgery attacks Other attacks are possible. These issues are present in Firefox 2.0.0.12 and prior versions. Many of these issues are present in Mozilla Thunderbird 2.0.0.12 and prior versions as well as SeaMonkey 1.1.8 and prior versions. UPDATE: Versions of Mozilla Thunderbird prior to 2.0.0.14 are affected by issues described in MFSA 2008-14 and MFSA 2008-15.
Affected Products
Mozilla thunderbird
Short Name
HTTP:STC:MOZILLA:IFRAME-STYLE
Severity
Major
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
CVE-2008-1236 Change Code Execution Firefox Handling IFRAME Mozilla Style bid:28448
Release Date
09/28/2010
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3336
False Positive
Unknown
Vendors
Red_hat
Suse
Gentoo
Sun
Rpath
Mozilla
Avaya
Slackware
Ubuntu
Mandriva
Debian
CVSS Score
6.8