HTTP: Firefox Wrapped Javascript

This signature detects attempts to exploit a known vulnerability in the Firefox Web browser. Attackers can create a malicious Web page that contains wrapped JavaScript; when the page is viewed in the browser, the JavaScript can execute arbitrary code within the context of the Web browser.

Extended Description

Multiple issues in Mozilla Suite and Firefox allow attackers to bypass security checks in the script security manager. Security checks in the script security manager are designed to prevent script-injection vulnerabilities. An attacker sending certain undisclosed JavaScript in 'view-source:' and 'jar:' pseudo-protocol URIs may bypass these security checks. An undisclosed nested URI, as well as a variant of BID 13216, can reportedly also bypass security checks.

Exploiting these vulnerabilities allows remote attackers to run script code with elevated privileges, leading to the installation and execution of malicious applications on an affected computer. Cross-site scripting and other attacks are also likely possible.

The vendor has not provided enough information to determine how many specific instances of the issue were addressed, and has not clarified whether or not they have addressed a single general vulnerability or multiple specific vulnerabilities. This BID may be split into separate issues as more information is disclosed. Further details are scheduled to be released in the future. This BID will be updated at that time.

Affected Products

Mozilla browser

Short Name
HTTP:STC:MOZILLA:WRAPPED-JAVA
Severity
Minor
Recommended
False
Recommended Action
None
Category
HTTP
Keywords
CVE-2005-1531 Firefox Javascript Wrapped bid:13641
Release Date
05/26/2005
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3336
False Positive
Unknown
Vendors

Red_hat

Sco

Suse

Hp

Mozilla

Sgi

Ubuntu

Netscape

CVSS Score

7.5
