TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94

code, Mozilla browsers do not update window.location property correctly. An attacker can create a javascript: URI
containing eval(), cause the user to visit a web site in a different domain, and then programmatically cause the web
browser to return to the previous javascript: page to trigger the cross-domain violation. The violation will also occur if
the user manually clicks the "Back" button to return to the javascript: page. This vulnerability can be used to steal
cookies or other confidential data from the target site. When this attack is combined with CVE-2005-1477 it is possible
to execute arbitrary code. This vulnerability is reported in all versions of Mozilla Firefox browsers up to 1.0.3.
Signature ID: 1444
Mozilla Firefox Install Method IconURL Parameter Java Script Execution Vulnerability
Threat Level: Warning
Industry ID: CVE-2005-1477
Bugtraq: 13544
Signature Description: XPInstall is a cross-platform software installation method used by Mozilla-based browsers. By
default, web browser extensions are downloaded and installed from addons.mozilla.org and update.mozilla.org.
Installation of an extension can be triggered from script code. A vulnerability exists in Mozilla Firefox 1.0.3 that
may execute JavaScript contained within the IconURL parameter of InstallTrigger.install() with chrome privileges. The
IconURL parameter indicates the location of an icon image file, which is displayed in the web browser. The IconURL
parameter accepts JavaScript URLs (in-line JavaScript) as input. By using an eval() call in that URL, arbitrary code can
be executed with elevated privilege. By default, only the Mozilla Update site is allowed to attempt software installation,
but users can allow other sites. By convincing a user to view an HTML document (e.g., a web page), an attacker could
execute arbitrary commands or code with the privileges of the user. This vulnerability is reported in all versions of
Mozilla Firefox browsers up to 1.0.3. Upgrade to Firefox version 1.0.4 or later to address this issue.
Signature ID: 1446
Mozilla Firefox and Mozilla Suite Script Security Manager Security Check Bypass Vulnerability
Threat Level: Warning
Industry ID: CVE-2005-1531 Bugtraq: 13641
Signature Description: Mozilla-based browsers have a Script Security Manager that imposes restrictions
(security checks) on executing JavaScript over certain protocols such as HTTP and FTP. A vulnerability exists in Mozilla
Firefox and Mozilla Suite when the view-source: and jar: pseudo-protocols are used. Some security checks in the Security
Manager that were intended to prevent script injection were incorrect and could be bypassed by wrapping a javascript: URL
in the view-source: or jar: pseudo-protocol. A remote attacker can create a specially crafted view-source: or jar: protocol
URL and embed a malicious JavaScript URL which, once the victim loads the file, would allow the attacker to execute
arbitrary code on the system with privileges of the victim's system. Mozilla Suite versions 1.x and below are prone to
this vulnerability. Update the Mozilla Firefox suite to versions 2.x and above to resolve this issue.
Signature ID: 1447
MSIE JPEG Image Rendering Library Memory Corruption Vulnerability
Threat Level: Warning
Industry ID: CVE-2005-1988 CVE-2005-2308 Bugtraq: 14282,14284,14285,14286
Signature Description: The image rendering library used to display JPEG files in Internet Explorer does not properly
handle crafted JPEG images. The vulnerability specifically exists in mshtml.dll due to a lack of boundary checks in the
JPEG decoder functions. A remote attacker can create a malicious JPEG image which, once the image is viewed, could
allow the attacker to execute arbitrary code on the system with privileges of the victim or create a denial of service
condition. An attacker could exploit this vulnerability by creating a malicious Web page or an HTML e-mail message
and then persuading the user to visit the page or to view the HTML e-mail message. Microsoft Internet Explorer
versions 5.x of SP1 to SP4 are prone to this vulnerability. Administrators are advised to install the updates mentioned
in MS05-038.