HTTP MSIE Multiple Style Tags Code Exec

[Sander]

Norton Symantec Antivirus (version 14.0.4.1) gives me this security threat: ​http://www.symantec.com/avcenter/attack_sigs/s21657.html

I use FireFox (not IE)

[Alfonso Martínez de Lizarrondo]

I have downloaded their demo version (15.0.0.58) and it doesn't give me any warning trying to load ​http://www.fckeditor.net/demo

Do you see the error in any page with FCKeditor?
does it happens with previous versions (2.4.3 ...)?
I guess that it also happens if you try to use IE, correct?

[Jesse Brand]

Symantec Antivirus (using version 14.0.3.3) identifies the editor as a HTTP MSIE Multiple Style Tags Exec. This only seems to occur when running a web application locally. I also have not been able to reproduce this in IE(7) but I have encountered it on FF2.0.0.11 and I believe previous versions had this problem as well.

The specific threat check can be disabled in the worm protection in Symantec but that's just a workaround. The issue did not arise in previous versions of the FCKeditor.

The following message can be obtained in the error console: uncaught exception: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsIXMLHttpRequest.send]" nsresult: "0x80004005 (NS_ERROR_FAILURE)" location: "JS frame :: ​http://****/fckeditor-2.5.0/editor/js/fckeditorcode_gecko.js :: anonymous :: line 67" data: no]

[Wojciech Olchawa]

I've tried to reproduce this bug with Norton Antivirus 15.5.0.23. I've tested FCKeditor 2.6 and the SVN version on IE and FF2 and didn't encounter any security threats.

Does the bug still occur to you in with the current release of FCKeditor?

Please let us know.

[Frederico Caldeira Knabben]

Expired.