SSL: Mozilla SSLv2 Client
This signature detects attempts to exploit a known vulnerability in the Mozilla Network Security Services SSLv2 Client. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the application.
Extended Description
The Mozilla Foundation has released six security advisories specifying vulnerabilities in Firefox, SeaMonkey, and Thunderbird. These vulnerabilities allow attackers to: - Execute arbitrary code - Cause denial-of-service conditions - Perform cross-site scripting attacks - Obtain potentially sensitive information - Spoof legitimate content Other attacks may also be possible. UPDATE: Firefox 2.0.0.10 is still vulnerable to the issue outlined in MFSA 2007-02. Pages followed through 'href' links and embedded iframes inherit the character set of parent pages when a user has manually set the browser charset.
Affected Products
Sun java_system_web_server,Mozilla thunderbird
References
BugTraq: 22694
CVE: CVE-2007-0008
URL: http://www.mozilla.org/security/announce/2007/mfsa2007-06.html
Short Name
SSL:MOZ-SSLV2-CL
Severity
Major
Recommended
False
Recommended Action
Drop
Category
SSL
Keywords
CVE-2007-0008 Client Mozilla SSLv2 bid:22694
Release Date
09/23/2008
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3375
False Positive
Unknown
Vendors
Red_hat
Suse
Gentoo
Sun
Rpath
Mozilla
Turbolinux
Avaya
Sgi
Novell
Pardus
Slackware
Ubuntu
Mandriva
Debian
CVSS Score
6.8