CERTA-2004-AVI-261

Vulnerability from certfr_avis - Published: 2004-08-03 - Updated: 2004-08-03

Une vulnérabilité des navigateurs Netscape et Mozilla permet à un utilisateur distant d'exécuter du code arbitraire sur la machine vulnérable.

Description

Une vulnérabilité a été découverte dans la gestion du procotole SOAP (Simple Object Access Protocol) par les navigateurs Netscape et Mozilla.

Un utilisateur distant mal intentionné peut exploiter cette vulnérabilité par le biais d'une page HTML habilement forgée pour exécuter du code arbitraire.

Contournement provisoire

Désactiver le javascript.

Solution

La version 1.7.1 de Mozilla corrige cette vulnérabilité (cf. section Documentation).

Netscape n'a pas fourni d'information concernant cette vulnérabilité.

None
Impacted products
Vendor Product Description
Mozilla N/A Netscape versions 7.x.
Mozilla N/A Mozilla versions 1.6 et antérieures ;
References

Show details on source website
To clipboard 

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Netscape versions 7.x.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Mozilla",
          "scada": false
        }
      }
    },
    {
      "description": "Mozilla versions 1.6 et ant\u00e9rieures ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Mozilla",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nUne vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans la gestion du procotole SOAP\n(Simple Object Access Protocol) par les navigateurs Netscape et\nMozilla.  \n\nUn utilisateur distant mal intentionn\u00e9 peut exploiter cette\nvuln\u00e9rabilit\u00e9 par le biais d\u0027une page HTML habilement forg\u00e9e pour\nex\u00e9cuter du code arbitraire.\n\n## Contournement provisoire\n\nD\u00e9sactiver le javascript.\n\n## Solution\n\nLa version 1.7.1 de Mozilla corrige cette vuln\u00e9rabilit\u00e9 (cf. section\nDocumentation).  \n\nNetscape n\u0027a pas fourni d\u0027information concernant cette vuln\u00e9rabilit\u00e9.\n",
  "cves": [],
  "initial_release_date": "2004-08-03T00:00:00",
  "last_revision_date": "2004-08-03T00:00:00",
  "links": [
    {
      "title": "Site web de la fondation Mozilla :",
      "url": "http://www.mozilla.org"
    }
  ],
  "reference": "CERTA-2004-AVI-261",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2004-08-03T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 des navigateurs Netscape et Mozilla permet \u00e0 un\nutilisateur distant d\u0027ex\u00e9cuter du code arbitraire sur la machine\nvuln\u00e9rable.\n",
  "title": "Vuln\u00e9rabilit\u00e9 des navigateurs Netscape et Mozilla",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 de iDefense du 02 ao\u00fbt 2004",
      "url": "http://www.idefense.com/application/poi/display?id=117"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.