HTTP: Mozilla Firefox OnKeyDown Event File Upload

This signature detects attempts to exploit a known vulnerability against Mozilla Firefox OnKeyDown. A successful attack can lead to the upload of an arbitrary file.

Extended Description

Mozilla Firefox is prone to an information-disclosure vulnerability that can allow an attacker to access sensitive files. This issue stems from a design error resulting from the improper handling of form fields. All versions of Firefox are considered vulnerable.

Affected Products

Suse linux_professional

References

BugTraq: 24725

CVE: CVE-2007-3511

Short Name
HTTP:STC:MOZILLA:ONKEYDOWN-FU
Severity
Minor
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
CVE-2007-3511 Event File Firefox Mozilla OnKeyDown Upload bid:24725
Release Date
09/29/2014
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3375
False Positive
Unknown
Vendors

Red_hat

Suse

Sun

Rpath

Mozilla

Avaya

Slackware

Ubuntu

Mandriva

Foresight_linux

Debian

CVSS Score

4.3

Found a potential security threat?