Intrusion Prevention

Mozilla.Firefox.Location.Hostname.NULL.Byte.Spoofing

Description

This indicates an attempt to exploit a Domain Name Spoofing vulnerability in Mozilla based browsers.
The vulnerability is caused by an error when the software handles a "hostname DOM property" with a null byte. It may allow remote attackers to bypass the "same origin" policy.

Affected Products

Firefox before 1.5.0.10
Firefox 2.x before 2.0.0.2
SeaMonkey before 1.0.8

Impact

Security Bypass.

Recommended Actions

Upgrade to the latest version,available from the web site:
http://www.mozilla.org/en-US/firefox/new/

CVE References

CVE-2007-0981