FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

firefox & mozilla -- command line URL shell command injection

Affected packages
		firefox	<	1.0.7,1
		linux-firefox	<	1.0.7
		mozilla	<	1.7.12,2
1.8.*,2	<=	mozilla
		linux-mozilla	<	1.7.12
0	<	linux-mozilla-devel
0	<=	netscape7
0	<=	de-linux-mozillafirebird
0	<=	el-linux-mozillafirebird
0	<=	ja-linux-mozillafirebird-gtk1
0	<=	ja-mozillafirebird-gtk2
0	<=	linux-mozillafirebird
0	<=	ru-linux-mozillafirebird
0	<=	zhCN-linux-mozillafirebird
0	<=	zhTW-linux-mozillafirebird
0	<=	de-linux-netscape
0	<=	de-netscape7
0	<=	fr-linux-netscape
0	<=	fr-netscape7
0	<=	ja-linux-netscape
0	<=	ja-netscape7
0	<=	linux-netscape
0	<=	linux-phoenix
0	<=	mozilla+ipv6
0	<=	mozilla-embedded
0	<=	mozilla-firebird
0	<=	mozilla-gtk
0	<=	mozilla-gtk1
0	<=	mozilla-gtk2
0	<=	mozilla-thunderbird
0	<=	phoenix
0	<=	pt_BR-netscape7

Details

VuXML ID	2e28cefb-2aee-11da-a263-0001020eed82
Discovery	2005-09-06
Entry	2005-09-22
Modified	2005-10-26

A Secunia Advisory reports:

Peter Zelezny has discovered a vulnerability in Firefox, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to the shell script used to launch Firefox parsing shell commands that are enclosed within backticks in the URL provided via the command line. This can e.g. be exploited to execute arbitrary shell commands by tricking a user into following a malicious link in an external application which uses Firefox as the default browser.

[source]

References

CVE Name	CVE-2005-2968
URL	http://secunia.com/advisories/16869/
URL	http://www.mozilla.org/security/announce/mfsa2005-59.html
URL	https://bugzilla.mozilla.org/show_bug.cgi?id=307185