CERTA-2004-AVI-261
Vulnerability from certfr_avis

Une vulnérabilité des navigateurs Netscape et Mozilla permet à un utilisateur distant d'exécuter du code arbitraire sur la machine vulnérable.

Description

Une vulnérabilité a été découverte dans la gestion du procotole SOAP (Simple Object Access Protocol) par les navigateurs Netscape et Mozilla.

Un utilisateur distant mal intentionné peut exploiter cette vulnérabilité par le biais d'une page HTML habilement forgée pour exécuter du code arbitraire.

Contournement provisoire

Désactiver le javascript.

Solution

La version 1.7.1 de Mozilla corrige cette vulnérabilité (cf. section Documentation).

Netscape n'a pas fourni d'information concernant cette vulnérabilité.

None
Impacted products
Vendor Product Description
Mozilla N/A Netscape versions 7.x.
Mozilla N/A Mozilla versions 1.6 et antérieures ;
References

Show details on source website

To clipboard 

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Netscape versions 7.x.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Mozilla",
          "scada": false
        }
      }
    },
    {
      "description": "Mozilla versions 1.6 et ant\u00e9rieures ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Mozilla",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nUne vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans la gestion du procotole SOAP\n(Simple Object Access Protocol) par les navigateurs Netscape et\nMozilla.  \n\nUn utilisateur distant mal intentionn\u00e9 peut exploiter cette\nvuln\u00e9rabilit\u00e9 par le biais d\u0027une page HTML habilement forg\u00e9e pour\nex\u00e9cuter du code arbitraire.\n\n## Contournement provisoire\n\nD\u00e9sactiver le javascript.\n\n## Solution\n\nLa version 1.7.1 de Mozilla corrige cette vuln\u00e9rabilit\u00e9 (cf. section\nDocumentation).  \n\nNetscape n\u0027a pas fourni d\u0027information concernant cette vuln\u00e9rabilit\u00e9.\n",
  "cves": [],
  "initial_release_date": "2004-08-03T00:00:00",
  "last_revision_date": "2004-08-03T00:00:00",
  "links": [
    {
      "title": "Site web de la fondation Mozilla :",
      "url": "http://www.mozilla.org"
    }
  ],
  "reference": "CERTA-2004-AVI-261",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2004-08-03T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 des navigateurs Netscape et Mozilla permet \u00e0 un\nutilisateur distant d\u0027ex\u00e9cuter du code arbitraire sur la machine\nvuln\u00e9rable.\n",
  "title": "Vuln\u00e9rabilit\u00e9 des navigateurs Netscape et Mozilla",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 de iDefense du 02 ao\u00fbt 2004",
      "url": "http://www.idefense.com/application/poi/display?id=117"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.