HTTP: Mozilla Sidebar
This signature detects HTTP sessions that open a sidebar in a Mozilla-based browser. Mozilla Firefox 1.01 and earlier do not apply security policies to sidebars. Malicious Web servers can exploit existing browser vulnerabilities with the user's permission level.
Extended Description
Mozilla Firefox is prone to a vulnerability that could allow remote code execution. This may occur if a malicious Web page is bookmarked as a sidebar panel. The malicious page may then reportedly open a privileged page and inject JavaScript. This may be leveraged to execute arbitrary code as the victim client user.
Affected Products
Mozilla firefox
References
BugTraq: 12884
CVE: CVE-2005-0402
URL: http://www.mozilla.org/security/announce/mfsa2005-31.html http://securitytracker.com/alerts/2005/Mar/1013520.html
Short Name
HTTP:STC:MOZILLA:SIDEBAR
Severity
Minor
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
CVE-2005-0402 Mozilla Sidebar bid:12884
Release Date
06/21/2005
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3375
False Positive
Unknown
Vendors
Mozilla
Netscape
Gentoo
CVSS Score
2.6