Multiple Vendor Web Browser JavaScript Multiple Fields Key Filtering Vulnerability
Gravità: : Medio
Data notifica: 15 febbraio 2011
Descrizione
Multiple web browsers are prone to a JavaScript key-filtering
vulnerability because the browsers fail to securely handle keystroke input from
users. Exploiting this issue requires that users manually type sensitive data.
This may require substantial typing from targeted users, so attackers will
likely use keyboard-based games, blogs, or other similar pages to entice users
to enter the required keyboard input to exploit this issue. This vulnerability
is related to the issue described in BID 18038 (Multiple Vendor Web Browser
JavaScript Key Filtering Vulnerability).
Informazioni esposizione:
Trend Micro Deep Security shields networks through Deep Packet Inspection (DPI) rules. Trend Micro customers using OfficeScan with Intrusion Defense Firewall (IDF) plugin are also protected from attacks using these vulnerabilities. Please refer to the filter number and filter name when applying appropriate DPI and/or IDF rules.
Soluzioni
Trend Micro Deep Security DPI Rule Number: 1001240
Trend Micro Deep Security DPI Rule Name: 1001240 - Mozilla Firefox JavaScript Multiple Fields Key Filtering Vulnerability
Software e versione interessati:
- Apple Safari 3 Beta
- Apple Safari 1.0
- Apple Safari 1.1
- Apple Safari 3.0.1 Beta
- Apple Safari 3.0.1 Beta for Windows
- Apple Safari 3.0.2 Beta
- Apple Safari 3.0.2 Beta for Windows
- Apple Safari 3.0.3
- Apple Safari 3.0.4 Beta for Windows
- Mozilla Firefox 1.5.0.1
- Mozilla Firefox 1.5.0.10
- Mozilla Firefox 1.5.0.11
- Mozilla Firefox 1.5.0.2
- Mozilla Firefox 1.5.0.3
- Mozilla Firefox 1.5.0.4
- Mozilla Firefox 1.5.0.5
- Mozilla Firefox 1.5.0.6
- Mozilla Firefox 1.5.0.7
- Mozilla Firefox 1.5.0.9
- Mozilla Firefox 2.0
- Mozilla Firefox 2.0 RC2
- Mozilla Firefox 2.0 RC3
- Mozilla Firefox 2.0 beta 1
- Mozilla Firefox 2.0.0.10
- Mozilla Firefox 2.0.0.11
- Mozilla Firefox 2.0.0.3
- Mozilla Firefox 2.0.0.2
- Mozilla Firefox 1.5
- Mozilla Firefox 1.5 .6
- Mozilla Firefox 1.5 .8
- Mozilla Firefox 1.5 12
- Mozilla Firefox 1.5 beta 1
- Mozilla Firefox 1.5 beta 2
- Mozilla Firefox 2.0 .1
- Mozilla Firefox 2.0 .10
- Mozilla Firefox 2.0 .3
- Mozilla Firefox 2.0 .4
- Mozilla Firefox 2.0 .5
- Mozilla Firefox 2.0 .6
- Mozilla Firefox 2.0 .7
- Mozilla Firefox 2.0 .9
- Mozilla Firefox 2.0 8
- Netscape Navigator 9.0 4