Gravità: : Medio
  Data notifica: 15 febbraio 2011

  Descrizione

Multiple web browsers are prone to a JavaScript key-filtering vulnerability because the browsers fail to securely handle keystroke input from users. Exploiting this issue requires that users manually type sensitive data. This may require substantial typing from targeted users, so attackers will likely use keyboard-based games, blogs, or other similar pages to entice users to enter the required keyboard input to exploit this issue. This vulnerability is related to the issue described in BID 18038 (Multiple Vendor Web Browser JavaScript Key Filtering Vulnerability).

  Informazioni esposizione:

Trend Micro Deep Security shields networks through Deep Packet Inspection (DPI) rules. Trend Micro customers using OfficeScan with Intrusion Defense Firewall (IDF) plugin are also protected from attacks using these vulnerabilities. Please refer to the filter number and filter name when applying appropriate DPI and/or IDF rules.

  Soluzioni

  Trend Micro Deep Security DPI Rule Number: 1001240
  Trend Micro Deep Security DPI Rule Name: 1001240 - Mozilla Firefox JavaScript Multiple Fields Key Filtering Vulnerability

  Software e versione interessati:

  • Apple Safari 3 Beta
  • Apple Safari 1.0
  • Apple Safari 1.1
  • Apple Safari 3.0.1 Beta
  • Apple Safari 3.0.1 Beta for Windows
  • Apple Safari 3.0.2 Beta
  • Apple Safari 3.0.2 Beta for Windows
  • Apple Safari 3.0.3
  • Apple Safari 3.0.4 Beta for Windows
  • Mozilla Firefox 1.5.0.1
  • Mozilla Firefox 1.5.0.10
  • Mozilla Firefox 1.5.0.11
  • Mozilla Firefox 1.5.0.2
  • Mozilla Firefox 1.5.0.3
  • Mozilla Firefox 1.5.0.4
  • Mozilla Firefox 1.5.0.5
  • Mozilla Firefox 1.5.0.6
  • Mozilla Firefox 1.5.0.7
  • Mozilla Firefox 1.5.0.9
  • Mozilla Firefox 2.0
  • Mozilla Firefox 2.0 RC2
  • Mozilla Firefox 2.0 RC3
  • Mozilla Firefox 2.0 beta 1
  • Mozilla Firefox 2.0.0.10
  • Mozilla Firefox 2.0.0.11
  • Mozilla Firefox 2.0.0.3
  • Mozilla Firefox 2.0.0.2
  • Mozilla Firefox 1.5
  • Mozilla Firefox 1.5 .6
  • Mozilla Firefox 1.5 .8
  • Mozilla Firefox 1.5 12
  • Mozilla Firefox 1.5 beta 1
  • Mozilla Firefox 1.5 beta 2
  • Mozilla Firefox 2.0 .1
  • Mozilla Firefox 2.0 .10
  • Mozilla Firefox 2.0 .3
  • Mozilla Firefox 2.0 .4
  • Mozilla Firefox 2.0 .5
  • Mozilla Firefox 2.0 .6
  • Mozilla Firefox 2.0 .7
  • Mozilla Firefox 2.0 .9
  • Mozilla Firefox 2.0 8
  • Netscape Navigator 9.0 4