Threat Monitor
Troj.Downloader.JS.Agent.ee
| Aliases: | |
|---|---|
| Pattern: | 200909081330 |
| Threat Type | Propagation Methods | Systems Affected | Risk Level |
|---|---|---|---|
|
|
|
This malicious program exploits vulnerability CVE-2009-2654.
Mozilla Firefox is prone to a Code Execution Vulnerability. The vulnerability is caused due to an error when opening a new window for a malformed domain. The vulnerability allows remote attackers to spoof the address bar via a crafted Web page that calls window.open with an invalid character in the URL. The invalid character can be a "," or "%". And then use document.write() to place content within the new document, finally, it calls the stop method during the loading of the error page. This could result in the user disclosing confidential information to the malicious site, known as a phishing attack.
Affected Versions: Mozilla Firefox 3.0.11
Mozilla Firefox is prone to a Code Execution Vulnerability. The vulnerability is caused due to an error when opening a new window for a malformed domain. The vulnerability allows remote attackers to spoof the address bar via a crafted Web page that calls window.open with an invalid character in the URL. The invalid character can be a "," or "%". And then use document.write() to place content within the new document, finally, it calls the stop method during the loading of the error page. This could result in the user disclosing confidential information to the malicious site, known as a phishing attack.
Affected Versions: Mozilla Firefox 3.0.11
