HTTP: Firefox Malformed SVG Index Parameter
This signature detects attempts to exploit a known vulnerability in Mozilla Firefox. An attacker can create a Web site with Web pages containing dangerous SVG calls, which if accessed by a victim, allows the attacker to gain control of the victim's client browser.
Extended Description
The Mozilla Foundation has released six security advisories specifying vulnerabilities in Firefox, SeaMonkey, and Thunderbird. These vulnerabilities allow attackers to: - Execute arbitrary code - Cause denial-of-service conditions - Perform cross-site scripting attacks - Obtain potentially sensitive information - Spoof legitimate content Other attacks may also be possible.
Affected Products
Mozilla thunderbird
References
BugTraq: 24242
CVE: CVE-2007-2867
URL: http://www.mozilla.org/security/announce/2007/mfsa2007-12.html
Short Name
HTTP:STC:MOZILLA:MAL-SVG-INDEX
Severity
Critical
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
CVE-2007-2867 Firefox Index Malformed Parameter SVG bid:24242
Release Date
04/01/2008
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3759
False Positive
Unknown
Vendors
Red_hat
Suse
Gentoo
Sun
Rpath
Mozilla
Avaya
Sgi
Slackware
Ubuntu
Mandriva
Foresight_linux
Debian
CVSS Score
9.3