HTTP: Mozilla Firefox Plugin Access Control Vulnerability
This signature detects attempts to download a maliciously crafted HTML document containing JavaScript code. This code is designed to trick the Mozilla Firefox Web browser into executing arbitrary code in the wrong context.
Extended Description
Reportedly a remote code execution vulnerability affects Mozilla Firefox. This issue is due to a failure of the application to properly restrict the access rights of Web content. An attacker may leverage this issue to compromise security of the affected browser; by exploiting this issue along with others (BIDs 12465 and 12466) it is possible to execute arbitrary code. It should be noted that although only version 1.0 is reported vulnerable, other versions may be vulnerable as well.
Affected Products
Red_hat enterprise_linux_es
References
BugTraq: 12655
CVE: CVE-2005-0527
URL: http://www.mozilla.org/security/announce/mfsa2005-27.html http://securitytracker.com/alerts/2005/Feb/1013301.html
Short Name
HTTP:STC:MOZILLA:PLUGIN-ACL
Severity
Major
Recommended
False
Recommended Action
None
Category
HTTP
Keywords
Access CVE-2005-0527 Control Firefox Mozilla Plugin Vulnerability bid:12655
Release Date
03/23/2005
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3336
False Positive
Occasionally
Vendors
Red_hat
Gentoo
Hp
Mozilla
Sgi
Mandriva
Netscape
CVSS Score
5.1