HTTP: Microsoft Internet Explorer OnBeforeUnload JavaScript Address Bar Spoofing
This signature detects attempts to exploit a known address bar spoofing vulnerability in Microsoft Internet Explorer. It is due to improper resource handling when the user navigates through address bar to a trusted site. An attacker can exploit this by constructing a specially crafted Web page to spoof the legitimate site. In a successful exploit, the victim believes he had left a Web page (after entering an address in the address bar) and the address bar implies that too, but in reality, Internet Explorer is prevented from doing so and it continues to display assorted content originating from the attacker.
Extended Description
Microsoft Internet Explorer is prone to a vulnerability that allows attackers to trap users at a particular webpage and spoof page transitions. Attackers may exploit this via a malicious page to spoof the contents and origin of a page that the victim may trust. This vulnerability may be useful in phishing or other attacks that rely on content spoofing. Internet Explorer 7 is vulnerable to this issue; other versions may also be affected.
Affected Products
Microsoft internet_explorer
Short Name
HTTP:STC:ON-BEFORE-UNLOAD
Severity
Major
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
Address Bar CVE-2007-3826 Explorer Internet JavaScript Microsoft OnBeforeUnload Spoofing bid:24911
Release Date
10/13/2010
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3360
False Positive
Unknown
Vendors
Nortel_networks
Hp
Microsoft
CVSS Score
9.3