FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

firefox & mozilla -- command line URL shell command injection

Affected packages
firefox < 1.0.7,1
linux-firefox < 1.0.7
mozilla < 1.7.12,2
1.8.*,2 <= mozilla
linux-mozilla < 1.7.12
0 < linux-mozilla-devel
0 <= netscape7
0 <= de-linux-mozillafirebird
0 <= el-linux-mozillafirebird
0 <= ja-linux-mozillafirebird-gtk1
0 <= ja-mozillafirebird-gtk2
0 <= linux-mozillafirebird
0 <= ru-linux-mozillafirebird
0 <= zhCN-linux-mozillafirebird
0 <= zhTW-linux-mozillafirebird
0 <= de-linux-netscape
0 <= de-netscape7
0 <= fr-linux-netscape
0 <= fr-netscape7
0 <= ja-linux-netscape
0 <= ja-netscape7
0 <= linux-netscape
0 <= linux-phoenix
0 <= mozilla+ipv6
0 <= mozilla-embedded
0 <= mozilla-firebird
0 <= mozilla-gtk
0 <= mozilla-gtk1
0 <= mozilla-gtk2
0 <= mozilla-thunderbird
0 <= phoenix
0 <= pt_BR-netscape7

Details

VuXML ID 2e28cefb-2aee-11da-a263-0001020eed82
Discovery 2005-09-06
Entry 2005-09-22
Modified 2005-10-26

A Secunia Advisory reports:

Peter Zelezny has discovered a vulnerability in Firefox, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to the shell script used to launch Firefox parsing shell commands that are enclosed within backticks in the URL provided via the command line. This can e.g. be exploited to execute arbitrary shell commands by tricking a user into following a malicious link in an external application which uses Firefox as the default browser.
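The mechanism Secunia describes is the classic wrapper-script quoting bug: the URL argument is handed to the shell in a way that lets it be parsed a second time, so backtick command substitution runs before the browser binary ever sees the string. The snippet below is an added example, not part of the VuXML entry and not Mozilla's launcher script; `fake_browser`, `unsafe_launch`, `safe_launch` and `reject_shell_meta` are hypothetical names, the `eval`-based shape of the unsafe wrapper is an assumption about how this class of bug arises rather than a transcription of the affected firefox script, and the demo URL is constructed (its embedded command is a harmless `echo`).

```shell
#!/bin/sh
# Added example: an unsafe browser wrapper beside a safe one, plus an
# input check a caller can apply before handing a URL to any wrapper.

# Stand-in for the browser binary: reports the URL it actually received.
fake_browser() {
    printf 'OPEN:%s' "$1"
}

# Unsafe pattern (assumed shape, hypothetical): the argument is spliced into a
# command string that the shell parses again, so any `...` inside the URL is
# command-substituted before the browser sees it.
unsafe_launch() {
    eval "fake_browser $1"
}

# Safe pattern: the URL is passed as one double-quoted word and is never
# re-parsed, so backticks and $(...) reach the browser as literal text.
safe_launch() {
    fake_browser "$1"
}

# Defence in depth for callers (e.g. a mail client acting on a clicked link):
# refuse arguments containing shell metacharacters that have no place in a
# URL. Returns 0 when the URL is clean, 1 when it should be rejected.
reject_shell_meta() {
    case "$1" in
        *'`'* | *'$'* | *';'* | *'|'* | *'&'* | *'<'* | *'>'* | *'('* | *')'*)
            return 1 ;;
        *)
            return 0 ;;
    esac
}

# Constructed demo input: a URL carrying a backtick expression.
demo_url='http://example.com/`echo injected`'
printf 'safe:   '; safe_launch "$demo_url"; echo
printf 'unsafe: '; unsafe_launch "$demo_url"; echo
if reject_shell_meta "$demo_url"; then
    echo 'check: accepted'
else
    echo 'check: rejected (shell metacharacter in URL)'
fi
```

Running it shows the safe wrapper opening the URL exactly as given (backticks intact) while the unsafe wrapper opens a URL with the substitution already performed, which is the behaviour the advisory describes. The `reject_shell_meta` check is a coarse allowlist-style filter for callers that cannot control the wrapper they invoke; the real fix is the quoted form in `safe_launch`.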

References

CVE Name CVE-2005-2968
URL http://secunia.com/advisories/16869/
URL http://www.mozilla.org/security/announce/mfsa2005-59.html
URL https://bugzilla.mozilla.org/show_bug.cgi?id=307185