HTTP: Mozilla JavaScript Clipboard Access
This signature detects attempts to exploit a known vulnerability against Mozilla client's clipboard. All Mozilla 1.7.2 and NetScape Navigator 7.2 and prior versions are vulnerable. Attackers can download malicious JavaScript code to manipulate the clipboard contents and cause a denial-of-service condition or execute arbitrary code.
Extended Description
Mozilla is reportedly affected by multiple heap based buffer overflow vulnerabilities when processing URIs in emails. These issues are due to a failure of the affected application to validate user-supplied string lengths before copying them into finite process buffers. An attacker might leverage these issues to have arbitrary code executed in the context of the user running the vulnerable application.
Affected Products
Suse linux_desktop
Short Name
HTTP:STC:MOZILLA:JSCRIPT-CLIP
Severity
Minor
Recommended
False
Recommended Action
None
Category
HTTP
Keywords
Access CVE-2004-0902 Clipboard JavaScript Mozilla bid:11170
Release Date
09/16/2004
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3375
False Positive
Unknown
Vendors
Red_hat
Mozilla
Suse
Conectiva
CVSS Score
10.0