GEN:SID | 1:1841 |
Message | WEB-CLIENT Javascript URL host spoofing attempt |
Summary | This event is generated when a client on the protected network has possibly visited a website containing malicious javascript code.
|
Impact | Minimal
|
Detailed Information | Certain versions of Mozilla and Netscape may allow script code to access local cookie data.
By accessing a maliciously coded webpage, a users cookie data from any domain may be viewed by the website's administrator.
|
Affected Systems | Mozilla versions prior to 1.0.1 Netscape versions prior to 6.2.1
|
Attack Scenarios | A devious website admin creates a webpage with malicious code and obtains sensitive cookie data from a visiting user's web browser about any domain he wishes.
|
Ease of Attack | Simple
|
Corrective Action | Upgrade to the latest non-affected version of the software.
|
Additional References | Bugtraq: http://www.securityfocus.com/bid/5293
|
Rule References | bugtraq: 5293
|