Gravité: : Medium
  Date du conseil: 15 février 2011

  Description

Multiple web browsers are prone to a JavaScript key-filtering vulnerability because the browsers fail to securely handle keystroke input from users. Exploiting this issue requires that users manually type sensitive data. This may require substantial typing from targeted users, so attackers will likely use keyboard-based games, blogs, or other similar pages to entice users to enter the required keyboard input to exploit this issue. This vulnerability is related to the issue described in BID 18038 (Multiple Vendor Web Browser JavaScript Key Filtering Vulnerability).

  Information Exposure Rating:

Trend Micro Deep Security shields networks through Deep Packet Inspection (DPI) rules. Trend Micro customers using OfficeScan with Intrusion Defense Firewall (IDF) plugin are also protected from attacks using these vulnerabilities. Please refer to the filter number and filter name when applying appropriate DPI and/or IDF rules.

  Solutions

  Trend Micro Deep Security DPI Rule Number: 1001240
  Trend Micro Deep Security DPI Rule Name: 1001240 - Mozilla Firefox JavaScript Multiple Fields Key Filtering Vulnerability

  Affected software and version:

  • Apple Safari 3 Beta
  • Apple Safari 1.0
  • Apple Safari 1.1
  • Apple Safari 3.0.1 Beta
  • Apple Safari 3.0.1 Beta for Windows
  • Apple Safari 3.0.2 Beta
  • Apple Safari 3.0.2 Beta for Windows
  • Apple Safari 3.0.3
  • Apple Safari 3.0.4 Beta for Windows
  • Mozilla Firefox 1.5.0.1
  • Mozilla Firefox 1.5.0.10
  • Mozilla Firefox 1.5.0.11
  • Mozilla Firefox 1.5.0.2
  • Mozilla Firefox 1.5.0.3
  • Mozilla Firefox 1.5.0.4
  • Mozilla Firefox 1.5.0.5
  • Mozilla Firefox 1.5.0.6
  • Mozilla Firefox 1.5.0.7
  • Mozilla Firefox 1.5.0.9
  • Mozilla Firefox 2.0
  • Mozilla Firefox 2.0 RC2
  • Mozilla Firefox 2.0 RC3
  • Mozilla Firefox 2.0 beta 1
  • Mozilla Firefox 2.0.0.10
  • Mozilla Firefox 2.0.0.11
  • Mozilla Firefox 2.0.0.3
  • Mozilla Firefox 2.0.0.2
  • Mozilla Firefox 1.5
  • Mozilla Firefox 1.5 .6
  • Mozilla Firefox 1.5 .8
  • Mozilla Firefox 1.5 12
  • Mozilla Firefox 1.5 beta 1
  • Mozilla Firefox 1.5 beta 2
  • Mozilla Firefox 2.0 .1
  • Mozilla Firefox 2.0 .10
  • Mozilla Firefox 2.0 .3
  • Mozilla Firefox 2.0 .4
  • Mozilla Firefox 2.0 .5
  • Mozilla Firefox 2.0 .6
  • Mozilla Firefox 2.0 .7
  • Mozilla Firefox 2.0 .9
  • Mozilla Firefox 2.0 8
  • Netscape Navigator 9.0 4