Check Point Advisories

Preemptive Protection against Mozilla Firefox Cross Domain Scripting Vulnerability

Check Point Reference: CPAI-2007-035
Date Published: 15 Mar 2007
Severity: Medium
Last Updated: Monday 30 April, 2007
Source: Secunia Advisory: SA24175
Industry Reference: CVE-2007-0981
Protection Provided by:
Who is Vulnerable? Mozilla Firefox version 2.0.0.1 and prior
Vulnerability Description: A cross-domain vulnerability has been reported in Firefox and SeaMonkey, both Mozilla-based browsers. Mozilla SeaMonkey is a free, open source, cross-platform Internet suite. Mozilla Firefox is a popular cross-platform web browser. A remote attacker could exploit this vulnerability to compromise sensitive information via a specially crafted HTML document.
Update/Patch Available: Upgrade to Mozilla Firefox version 2.0.0.2 or 1.5.0.10:
http://www.mozilla.com/firefox/

Upgrade to Mozilla SeaMonkey version 1.0.8:
http://www.mozilla.org/projects/seamonkey/

Vulnerability Details: The flaw is due to an origin validation error: the browsers fail to properly handle 'location.hostname' values that contain embedded null characters. An attacker can trigger this flaw by convincing a user to view a specially crafted HTML document. Successful exploitation could allow attackers to steal cookies, modify domain data and conduct other attacks.
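
An added example (not code from Check Point or Mozilla) of the defensive check this class of flaw calls for: reject any hostname that contains an embedded NUL before it reaches an origin or domain comparison. The advisory gives no mechanism beyond the embedded null characters, so the C-string truncation shown by `cStringView` is an assumption about the general failure class, and all function names and hostnames are constructed for illustration.

```javascript
"use strict";

// What a NUL-terminated (C string) consumer sees of a length-counted string.
// Assumption: this models the general failure class, not Firefox internals.
function cStringView(s) {
  const nul = s.indexOf("\u0000");
  return nul === -1 ? s : s.slice(0, nul);
}

// One DNS label: letters, digits, hyphen; 1-63 chars; no leading/trailing hyphen.
const LABEL = /^[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?$/i;

// Validate a hostname before it is used in any origin or domain comparison.
function checkHostname(host) {
  if (typeof host !== "string" || host.length === 0) {
    return { ok: false, reason: "empty-or-not-string" };
  }
  if (host.includes("\u0000")) {
    // The two views disagree, so a check made on one view says nothing
    // about the host that a component using the other view will act on.
    return {
      ok: false,
      reason: "embedded-nul",
      countedLength: host.length,
      truncatedView: cStringView(host),
    };
  }
  if (host.length > 253) {
    return { ok: false, reason: "too-long" };
  }
  const bad = host.split(".").find((label) => !LABEL.test(label));
  if (bad !== undefined) {
    return { ok: false, reason: "invalid-label", label: bad };
  }
  return { ok: true, host: host.toLowerCase() };
}

// Constructed sample inputs (reserved .example names, not from the advisory).
const SAMPLES = ["www.example", "a.example\u0000.b.example", "bad_label.example"];

// Summarise each sample as "ok" or the rejection reason.
function runSamples() {
  return SAMPLES.map((h) => checkHostname(h).reason || "ok");
}

console.log(runSamples());
```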

Protection Overview
