TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94
ProCurve TMS zl Module IPS/IDS Signature
Reference Guide Version RLX.10.2.2.94
209
in the Firefox sidebar. A vulnerability exists in Mozilla Firefox versions prior to 1.0.3 caused by improper validation of
user-supplied information in the processing within the Sidebar _search target. By convincing a user to open a privileged
page (like 'about:config' or 'about:plugins'), then use a ('javascript:' or 'data:') URL to access the privileged data or
install arbitrary code on victim's computer. Successful exploitation allows installation of malicious code or steal data
without user interaction. Administrators are advised to upgrade to patched version. This signature detects, if in address
tag found "java script:" pattern.
Signature ID: 1441
Mozilla Firefox Sidebar Panel _search target Script Code Execution Vulnerability
Threat Level: Warning
Industry ID: CVE-2005-1158
Bugtraq: 13231
Signature Description: Mozilla Firefox is a free, open source, cross-platform graphical web browser. Firefox provides a
facility to load the web pages in sidebar web panel. Sites can use the _search target (like target=_search") to open links
in the Firefox sidebar. A vulnerability exists in Mozilla Firefox versions prior to 1.0.3 caused by improper validation of
user-supplied information in the processing within the Sidebar _search target. By convincing a user to open a privileged
page (like 'about:config' or 'about:plugins'), then use a ('javascript:' or 'data:') URL to access the privileged data or
install arbitrary code on victim's computer. Successful exploitation allows installation of malicious code or steal data
without user interaction. Administrators are advised to upgrade to patched version. This signature detects, if in address
tag found "data:text/plain" pattern.
Signature ID: 1442
Microsoft Compressed HTML Help (CHM) File transfer attempt Vulnerability
Threat Level: Warning
Industry ID: CVE-2001-0002 CVE-2004-0380 Bugtraq: 2456,9658
Signature Description: Microsoft Compressed HTML Help is a proprietary format for online help files. Local and
remote programs may distribute help information along with their application, expecting it to be launched by users
when the programs are run. Several potential vulnerabilities exists with Microsoft Windows and Internet Explorer
while accessing a CHM file. Microsoft Internet Explorer 5.0.1 SP1, Microsoft Internet Explorer 6.0, Microsoft Internet
Explorer 5.5 SP2, Microsoft Internet Explorer 5.5 SP1 version may allow an attacker to gain access to the path of the
temporary internet files folder on a remote machine. <br>Microsoft Internet Explorer 5.0.1 SP4, Microsoft Internet
Explorer 5.0.1 SP3, Microsoft Internet Explorer 5.0.1 SP2, Microsoft Internet Explorer 5.0.1 SP1, Microsoft Internet
Explorer 5.0.1, Microsoft Internet Explorer 6.0 SP1, Microsoft Internet Explorer 6.0, Microsoft Internet Explorer 5.5
SP2, Microsoft Internet Explorer 5.5 SP1, Microsoft Internet Explorer 5.5 preview, Microsoft Internet Explorer 5.5
these versions may allows hostile content to be interpreted in the Local Zone. Therefore this signature detects any .chm
file transfer in an HTTP response when user access external web sites. CHM files also have proper usage and user can
trust them when he visits the trusted sources.
Signature ID: 1443
Mozilla IFRAME SRC Javascript Execution in the Context of Other Domain Vulnerability
Threat Level: Warning
Industry ID: CVE-2005-1476
Bugtraq: 13544
Signature Description: IFrame (Inline Frame) is an HTML element which makes it possible to embed another HTML
document inside the main document. The Mozilla browsers support IFRAME and they use same origin security model
to maintain separation between browser frames from different sources. Mozilla considers two pages to have the same
origin if the protocol, port (if given), and host are the same for both pages. A window object can be used to represent a
HTML page so that both main HTML Page and its IFRAME page is represented by two separate window objects. But
the window object of the IFRAME element can be accessed using a script in its parent window. For example, the main
window can use the window.history property of an IFRAME window to navigate through its browsing history. A cross-
site scripting vulnerability exists because Mozilla does not properly validate the source domain of some URLs stored in
the browser history. When a user navigates through browsing history of IFRAME element that contains Javascript