Multiple Vendor Web Browser JavaScript Multiple Fields Key Filtering Vulnerability
Gravité: : Medium
Date du conseil: 15 février 2011
Description
Multiple web browsers are prone to a JavaScript key-filtering
vulnerability because the browsers fail to securely handle keystroke input from
users. Exploiting this issue requires that users manually type sensitive data.
This may require substantial typing from targeted users, so attackers will
likely use keyboard-based games, blogs, or other similar pages to entice users
to enter the required keyboard input to exploit this issue. This vulnerability
is related to the issue described in BID 18038 (Multiple Vendor Web Browser
JavaScript Key Filtering Vulnerability).
Information Exposure Rating:
Trend Micro Deep Security shields networks through Deep Packet Inspection (DPI) rules. Trend Micro customers using OfficeScan with Intrusion Defense Firewall (IDF) plugin are also protected from attacks using these vulnerabilities. Please refer to the filter number and filter name when applying appropriate DPI and/or IDF rules.
Solutions
Trend Micro Deep Security DPI Rule Number: 1001240
Trend Micro Deep Security DPI Rule Name: 1001240 - Mozilla Firefox JavaScript Multiple Fields Key Filtering Vulnerability
Affected software and version:
- Apple Safari 3 Beta
- Apple Safari 1.0
- Apple Safari 1.1
- Apple Safari 3.0.1 Beta
- Apple Safari 3.0.1 Beta for Windows
- Apple Safari 3.0.2 Beta
- Apple Safari 3.0.2 Beta for Windows
- Apple Safari 3.0.3
- Apple Safari 3.0.4 Beta for Windows
- Mozilla Firefox 1.5.0.1
- Mozilla Firefox 1.5.0.10
- Mozilla Firefox 1.5.0.11
- Mozilla Firefox 1.5.0.2
- Mozilla Firefox 1.5.0.3
- Mozilla Firefox 1.5.0.4
- Mozilla Firefox 1.5.0.5
- Mozilla Firefox 1.5.0.6
- Mozilla Firefox 1.5.0.7
- Mozilla Firefox 1.5.0.9
- Mozilla Firefox 2.0
- Mozilla Firefox 2.0 RC2
- Mozilla Firefox 2.0 RC3
- Mozilla Firefox 2.0 beta 1
- Mozilla Firefox 2.0.0.10
- Mozilla Firefox 2.0.0.11
- Mozilla Firefox 2.0.0.3
- Mozilla Firefox 2.0.0.2
- Mozilla Firefox 1.5
- Mozilla Firefox 1.5 .6
- Mozilla Firefox 1.5 .8
- Mozilla Firefox 1.5 12
- Mozilla Firefox 1.5 beta 1
- Mozilla Firefox 1.5 beta 2
- Mozilla Firefox 2.0 .1
- Mozilla Firefox 2.0 .10
- Mozilla Firefox 2.0 .3
- Mozilla Firefox 2.0 .4
- Mozilla Firefox 2.0 .5
- Mozilla Firefox 2.0 .6
- Mozilla Firefox 2.0 .7
- Mozilla Firefox 2.0 .9
- Mozilla Firefox 2.0 8
- Netscape Navigator 9.0 4