Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:9769
HistorySep 21, 2005 - 12:00 a.m.

Firefox Command Line URL Shell Command Injection

2005-09-2100:00:00
vulners.com
18
JSON

Secunia Advisory: SA16869
Release Date: 2005-09-20

Critical:
Extremely critical
Impact: System access

Where: From remote

Solution Status: Vendor Patch

Software: Mozilla Firefox 1.x

Select a product and view a complete list of all Patched/Unpatched Secunia advisories affecting it.

CVE reference: CAN-2005-2968

Description:
Peter Zelezny has discovered a vulnerability in Firefox, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to the shell script used to launch Firefox parsing shell commands that are enclosed within backticks in the URL provided via the command line. This can e.g. be exploited to execute arbitrary shell commands by tricking a user into following a malicious link in an external application which uses Firefox as the default browser (e.g. the mail client Evolution on Red Hat Enterprise Linux 4).

This vulnerability can only be exploited on Unix / Linux based environments.

The vulnerability has been confirmed in version 1.0.6 on Fedora Core 4 and Red Hat Enterprise Linux 4. Other versions and platforms may also be affected.

Solution:
Do not open links in Firefox from external applications.

Provided and/or discovered by:
Peter Zelezny

Original Advisory:
https://bugzilla.mozilla.org/show_bug.cgi?id=307185

Related

nessus 15
cve 1
openvas 6
ubuntu 2
checkpoint_advisories 1
cvelist 1
freebsd 1
ubuntucve 1
cert 1
redhat 2
centos 2
debian 4
osv 2
nessus
nessus
FreeBSD : firefox & mozilla -- command line URL shell command injection (2e28cefb-2aee-11da-a263-0001020eed82)
2006-05-13 00:00:00
Ubuntu 4.10 / 5.04 : mozilla, mozilla-firefox vulnerabilities (USN-186-1)
2006-01-15 00:00:00
RHEL 4 : thunderbird (RHSA-2005:791)
2005-10-11 00:00:00
cve
cve
CVE-2005-2968
2005-09-20 22:03:00
openvas
openvas
FreeBSD Ports: firefox
2008-09-04 00:00:00
FreeBSD Ports: firefox
2008-09-04 00:00:00
Debian Security Advisory DSA 866-1 (mozilla)
2008-01-17 00:00:00
ubuntu
ubuntu
Mozilla and Firefox vulnerabilities
2005-09-23 00:00:00
Thunderbird vulnerabilities
2005-10-11 00:00:00
checkpoint_advisories
checkpoint_advisories
Mail Content Firefox Command Line URL Shell Command Injection (CVE-2005-2968)
2009-10-22 00:00:00
cvelist
cvelist
CVE-2005-2968
2005-09-20 04:00:00
freebsd
freebsd
firefox & mozilla -- command line URL shell command injection
2005-09-06 00:00:00
ubuntucve
ubuntucve
CVE-2005-2968
2005-09-20 00:00:00
cert
cert
Mozilla Firefox fails to properly sanitize user-supplied URIs via shell script
2005-09-22 00:00:00
redhat
redhat
(RHSA-2005:791) thunderbird security update
2005-10-06 00:00:00
(RHSA-2005:785) firefox security update
2005-09-22 00:00:00
centos
centos
thunderbird security update
2005-10-06 23:10:29
firefox security update
2005-09-22 22:46:14
debian
debian
[SECURITY] [DSA 868-1] New Mozilla Thunderbird packages fix several vulnerabilities
2005-10-20 15:11:33
[SECURITY] [DSA 868-1] New Mozilla Thunderbird packages fix several vulnerabilities
2005-10-20 00:00:00
[SECURITY] [DSA 866-1] New Mozilla packages fix several vulnerabilities
2005-10-20 05:44:19
osv
osv
mozilla-thunderbird - several
2005-10-20 00:00:00
mozilla - several
2005-10-20 00:00:00
JSON
Related for SECURITYVULNS:DOC:9769
nessus15cve1openvas6ubuntu2checkpoint_advisories1cvelist1freebsd1ubuntucve1cert1redhat2centos2debian4osv2