HTTP: Javascript Obfuscator
This signature detects scripts obfuscated (made unclear) with JavaScript. This is a technique commonly used by malicious Web sites to hide the malicious nature of the Web pages being downloaded by a user. A successful attack allows the Web page creator to take control of the victim's system.
Extended Description
The Web IDL implementation in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to execute arbitrary JavaScript code with chrome privileges by using an IDL fragment to trigger a window.open call.
Affected Products
Redhat enterprise_linux_server_eus
References
URL: https://www.fireeye.com/blog/threat-research/2015/07/cve-2015-5122_-_seco.html https://helpx.adobe.com/security/products/flash-player/apsa15-04.html https://helpx.adobe.com/security/products/flash-player/apsb15-18.html https://bugzilla.mozilla.org/show_bug.cgi?id=768101 http://securityintelligence.com/ibm-x-force-researcher-finds-significant-vulnerability-in-microsoft-windows https://forsec.nl/2014/11/cve-2014-6332-internet-explorer-msf-module http://ics-cert.us-cert.gov/advisories/ICSA-14-198-02 https://bugzilla.mozilla.org/show_bug.cgi?id=1321066 https://www.mozilla.org/en-US/security/advisories/mfsa2016-92/
Short Name
HTTP:STC:SCRIPT:STRFMCC-MUL-BAS
Severity
Major
Recommended
False
Recommended Action
None
Category
HTTP
Keywords
Javascript Obfuscator
Release Date
09/28/2015
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3761
False Positive
Rarely
Vendors
Suse
Redhat
Mozilla
Opensuse
Debian
Canonical