
Preemptive Protection against Mozilla Firefox Cross Domain Scripting Vulnerability


Check Point Reference: CPAI-2007-035
Date Published:
Severity:
Last Updated:
Source: Secunia Advisory: SA24175
Industry Reference(s): CVE-2007-0981
Protection Provided by:
VPN-1
  • NGX R62
  • NGX R61
  • NGX R60
  • NG with Application Intelligence R55W
  • NG with Application Intelligence R55
  • NG with Application Intelligence R54
VSX
  • NGX
InterSpect
  • NGX
  • 2.0 and 1.x
Connectra
  • NGX R62
  • NGX R61
Who is Vulnerable?
Mozilla Firefox version 2.0.0.1 and prior (and the 1.5.0.x branch prior to 1.5.0.10); Mozilla SeaMonkey prior to version 1.0.8
Vulnerability Description
A cross-domain vulnerability has been reported in Mozilla Firefox and Mozilla SeaMonkey. SeaMonkey is a free, open source, cross-platform Internet suite; Firefox is a popular cross-platform web browser. A remote attacker could exploit this vulnerability to obtain sensitive information by getting a user to view a specially crafted HTML document.
Update/Patch Available
Upgrade to Mozilla Firefox version 2.0.0.2 or 1.5.0.10:
http://www.mozilla.com/firefox/

Upgrade to Mozilla SeaMonkey version 1.0.8:
http://www.mozilla.org/projects/seamonkey/

Vulnerability Details
The flaw is due to an origin validation error: the browsers fail to properly handle a 'location.hostname' value that contains an embedded null character. Because different parts of the browser truncate or honour such a value differently, script in an attacker's page can be treated as belonging to a domain it does not control. An attacker can trigger this flaw by convincing a user to view a specially crafted HTML document. Successful exploitation could allow attackers to steal cookies, modify domain data and conduct other cross-domain attacks.
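The following is an added illustrative model of the origin-validation failure described above. It is not Mozilla's code: the flawed check is written the way a comparison on a NUL-terminated buffer behaves (everything after the first null byte is ignored), and the hardened check rejects any hostname that is not plain printable ASCII before it compares anything. The hostnames (`victim.example`, `attacker.example`) are constructed for the example.

```javascript
// Added model of the flaw (not Mozilla's code). Hostnames are constructed.

// Flawed check: compares hostnames only up to the first embedded NUL, the
// way a strcmp()-style comparison on a NUL-terminated buffer would. This is
// what lets "victim.example\0attacker.example" pass as "victim.example".
function sameOriginCStringStyle(a, b) {
  const cut = (s) => {
    const i = s.indexOf("\0");
    return i === -1 ? s : s.slice(0, i);
  };
  return cut(a) === cut(b);
}

// Hardened check: a hostname may contain only letters, digits, hyphen and
// dot. Any control character (including NUL) or non-ASCII byte fails
// validation before the comparison is ever reached.
function isValidHostname(h) {
  return /^[A-Za-z0-9.-]+$/.test(h);
}

function sameOriginStrict(a, b) {
  if (!isValidHostname(a) || !isValidHostname(b)) return false;
  // DNS names are case-insensitive, so compare after lower-casing.
  return a.toLowerCase() === b.toLowerCase();
}

// Constructed attacker-controlled value with an embedded null character.
const SMUGGLED_HOST = "victim.example\0attacker.example";
```

The difference to look for: `sameOriginCStringStyle(SMUGGLED_HOST, "victim.example")` returns true, while `sameOriginStrict` returns false because the value never passes `isValidHostname`. Validating the whole string, rather than trusting a comparison that may stop early, is the fix pattern regardless of the component that performs it.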

Protection Overview
By enabling this protection, SmartDefense will detect and block HTTP requests that carry malformed (non-ASCII) characters, such as an embedded null byte, in request headers or form fields. No SmartDefense update is required to enable this protection.
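As an added example of what an "ASCII Only Request" style inspection does (this is not Check Point's code and does not reproduce SmartDefense's parser), the block below splits a raw HTTP request into request line, headers and body, scans the headers and the form-encoded fields for any byte outside printable ASCII, and returns a verdict carrying the same attack name and information text the log entries below show. The sample requests are constructed; the option names `headers` and `formFields` are this example's own and stand in for the two checkboxes in the product.

```javascript
// Added example (not Check Point's code). Sample requests are constructed.

// Printable ASCII only: 0x20-0x7E. NUL, other control bytes and anything
// above 0x7E fail this test.
const PRINTABLE_ASCII = /^[\x20-\x7e]*$/;

// Split a raw request into request line, header lines and body.
function parseRequest(raw) {
  const sep = raw.indexOf("\r\n\r\n");
  const head = sep === -1 ? raw : raw.slice(0, sep);
  const body = sep === -1 ? "" : raw.slice(sep + 4);
  const lines = head.split("\r\n");
  return { requestLine: lines[0], headers: lines.slice(1), body };
}

// Returns { block, attackName, attackInfo, where }; `where` names the first
// offending header or form field so the verdict can be logged.
function inspectRequest(raw, opts = { headers: true, formFields: true }) {
  const req = parseRequest(raw);
  const bad = (s) => !PRINTABLE_ASCII.test(s);
  const verdict = (where) => ({
    block: true,
    attackName: "Ascii Only Request",
    attackInfo: "Invalid character detected in request",
    where,
  });

  if (opts.headers) {
    if (bad(req.requestLine)) return verdict("request-line");
    for (const h of req.headers) {
      if (bad(h)) return verdict(h.split(":")[0].trim() || "header");
    }
  }

  if (opts.formFields && req.body.length > 0) {
    // Treat the body as application/x-www-form-urlencoded and check each
    // value after percent-decoding, so %00 is caught and invalid encodings
    // (which make decodeURIComponent throw) are blocked as well.
    for (const pair of req.body.split("&")) {
      const eq = pair.indexOf("=");
      const name = eq === -1 ? pair : pair.slice(0, eq);
      const value = eq === -1 ? "" : pair.slice(eq + 1);
      let decoded;
      try {
        decoded = decodeURIComponent(value.replace(/\+/g, " "));
      } catch {
        return verdict(name);
      }
      if (bad(name) || bad(decoded)) return verdict(name);
    }
  }
  return { block: false };
}

// Constructed samples: a NUL byte smuggled into the Host header, a NUL
// percent-encoded into a form field, and a clean request.
const SAMPLE_BAD_HOST =
  "GET /account HTTP/1.1\r\nHost: victim.example\0attacker.example\r\n\r\n";
const SAMPLE_BAD_FORM =
  "POST /login HTTP/1.1\r\nHost: victim.example\r\n\r\nuser=alice&next=%00evil";
const SAMPLE_GOOD =
  "GET / HTTP/1.1\r\nHost: victim.example\r\nAccept: */*\r\n\r\n";
```

Running `inspectRequest(SAMPLE_BAD_HOST)` blocks on the `Host` header and `inspectRequest(SAMPLE_BAD_FORM)` blocks on the `next` field, while `SAMPLE_GOOD` passes. Note the caveat the real protection shares: with the form-field option disabled, `SAMPLE_BAD_FORM` is no longer caught, which is why both checkboxes are enabled in the steps below, and why sites that legitimately accept non-ASCII input (internationalised form data, for example) should expect false positives from this protection and test it before enforcing it.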

To configure the defense, select your product from the list below and follow the related protection steps.

VPN-1 NGX R62

How Can I Protect My Network?
1. In the SmartDefense tab, click Web Intelligence > HTTP Protocol Inspection > ASCII Only Request.

2. In the configuration pane, under Settings > Mode, check Active.

3. Under Block non ASCII characters, enable the following protections:

Block non ASCII Request Headers
Block non ASCII characters in form fields

4. Install policy on all modules.

How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:

Attack Name: Ascii Only Request
Attack Information: Invalid character detected in request

VPN-1 NGX R61, R60 & VPN-1 NG with Application Intelligence R55W

How Can I Protect My Network?
1. In the Web Intelligence tree, click Application Intelligence > HTTP Protocol Inspection and enable ASCII Only Request.
2. In the configuration pane, under Block non ASCII characters enable the following protections:

Block non ASCII Request Headers
Block non ASCII characters in form fields

3. Install security policy.

How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:

Attack Name: Ascii Only Request
Attack Information: Invalid character detected in request

VPN-1 NG with Application Intelligence R55

How Can I Protect My Network?
1. In the SmartDefense tree, click Application Intelligence > Web > HTTP Protocol Inspection.
2. Enable the following protection:

ASCII Only Request Headers

3. Install security policy.

How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:

Attack Name: Ascii Only Request
Attack Information: Invalid character detected in request

VPN-1 VSX NGX

How Can I Protect My Network?
1. In the SmartDefense tree, click Application Intelligence > Web > HTTP Protocol Inspection.
2. Enable the following protection:

ASCII Only Request Headers

3. Install security policy.

How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:

Attack Name: Ascii Only Request
Attack Information: Invalid character detected in request

InterSpect NGX

How Can I Protect My Network?
1. In the left-hand menu, click Profiles > Default Protection > Web Intelligence. The Web Intelligence page opens.
2. In the Web Intelligence tree, click HTTP Protocol Inspection > ASCII Only Request.
3. In the configuration pane, under Block non ASCII characters, enable the following protections:

Block non ASCII Request Headers
Block non ASCII characters in form fields

4. Install security policy.

How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:

Attack Name: Ascii Only Request
Attack Information: Invalid character detected in request

InterSpect 2.0

How Can I Protect My Network?
1. In the Web Intelligence tree, click Application Intelligence > Web > HTTP Protocol Inspection.
2. Enable the following protection:

ASCII Only Request Headers

3. Install security policy.

How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:

Attack Name: Ascii Only Request
Attack Information: Invalid character detected in request

Connectra NGX R62/R61

How Can I Protect My Network?
1. In the left-hand menu, click Security > Web Intelligence.
2. In the HTTP Protocol Inspection pane, select the following:

Enforce ASCII only HTTP Headers
Enforce ASCII only Form Fields

3. Install policy on all modules.

How Do I Know if My Network is Under Attack?
Upon attack, the following entries will be logged:

Attack Name: Ascii Only Request
Attack Information: Invalid character detected in request