Short Name |
HTTP:BROWSER-WINDOW-INJECTION |
---|---|
Severity |
Major |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
Multiple Web Browsers Window Injection |
Release Date |
2013/07/15 |
Update Number |
2282 |
Supported Platforms |
idp-4.0+, isg-3.1.134269+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
This signature detects attempts to exploit a known vulnerability against multiple web browsers. The issue arises when victim visits a malicious site via their browser and follows a link to a trusted site. Once the link to the trusted site is followed, the victim must open a popup window from the trusted site that can be influenced by the attacker's site. A successful exploit may allow a remote attacker to carry out phishing attacks.
Microsoft Internet Explorer is reported prone to a vulnerability that may allow a website to hijack the contents of a trusted window. This issue may allow a remote attacker to carry out phishing attacks. This issue arises as a user visits a malicious site and follows a link to a trusted site. Once the link to the trusted site is followed, the victim must open a popup window from the trusted site that can be influenced by the attacker's site. If the attack is successful, the contents of the target site's window can be spoofed, resulting in phishing attacks.