| GEN:SID | 1:1841 |
| Message | WEB-CLIENT Javascript URL host spoofing attempt |
| Summary | This event is generated when a client on the protected network may have visited a website containing malicious JavaScript code.
|
| Impact | Minimal
|
| Detailed Information | Certain versions of Mozilla and Netscape may allow script code to access local cookie data.
When a user visits a maliciously coded webpage, that user's cookie data from any domain may be viewed by the website's administrator.
|
| Affected Systems | Mozilla versions prior to 1.0.1; Netscape versions prior to 6.2.1
|
| Attack Scenarios | A malicious website administrator creates a webpage containing malicious code and uses it to obtain sensitive cookie data, for any domain of their choosing, from a visiting user's web browser.
|
| Ease of Attack | Simple
|
| Corrective Action | Upgrade to the latest non-affected version of the software.
|
| Additional References | Bugtraq: http://www.securityfocus.com/bid/5293
|
| Rule References | bugtraq: 5293
|