Check Point Advisories

Legacy Browsers

Check Point Reference: SBP-2010-13
Date Published: 15 Mar 2010
Severity: N/A
Last Updated: Monday 15 March, 2010
Source:
Protection Provided by:

Security Gateway
R81, R80, R77, R75, R71, R70
Who is Vulnerable?
Vulnerability Description Microsoft Internet Explorer (IE), is a series of graphical web browsers developed by Microsoft and included as part of the Microsoft Windows line of operating systems starting in 1995. It has been the most widely used web browser since 1999, attaining a peak of about 95% usage share during 2002 and 2003 with IE5 and IE6. Mozilla Firefox is a free and open source web browser descended from the Mozilla Application Suite and managed by Mozilla Corporation. A Net Applications statistic put Firefox at 24.23% of the recorded usage share of web browsers as of February 2010, making it the second most popular browser in terms of current use worldwide after Microsoft's Internet Explorer. To display web pages, Firefox uses the Gecko layout engine, which implements most current web standards in addition to several features which are intended to anticipate likely additions to the standards. Opera is a web browser and Internet suite developed by the Opera Software company. The browser handles common Internet-related tasks such as displaying web sites, sending and receiving e-mail messages, managing contacts, chatting on IRC clients, downloading files via BitTorrent, and reading Web feeds. Opera is offered free of charge for personal computers and mobile phones. Old versions of these internet browsers are known for their security issues. There are cases in which certain traffic, although not intended for malicious use, is very unsafe, since it may transfer shellcode which is undetectable by IPS.

Protection Overview

This protection will detect and block the following legacy browsers: Microsoft Internet Explorer 5, Firefox 2.0, Opera 9.2, Opera 9.0, Opera 8.5, Opera 8.0, and Opera 7.02.

In order for the protection to be activated, update your Security Gateway product to the latest IPS update. For information on how to update IPS, go to SBP-2006-05, click on Protection tab and select the version of your choice.

Security Gateway R80 / R77 / R75 / R71 / R70

  1. In the IPS tab, click Protections and find the Legacy Browsers protection using the Search tool and Edit the protection's settings.
  2. Install policy on all Security Gateways.

This protection's log will contain the following information:

Attack Name:  Web Client Enforcement Violation.
Attack Information:  Legacy Browsers

×
  Feedback
This website uses cookies for its functionality and for analytics and marketing purposes. By continuing to use this website, you agree to the use of cookies. For more information, please read our Cookies Notice.
OK