FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

mozilla -- code execution via Quicktime media-link files

Affected packages
firefox < 2.0.0.7,1
linux-firefox < 2.0.0.7
linux-seamonkey < 1.1.5
seamonkey < 1.1.5
linux-firefox-devel < 3.0.a2007.12.12
linux-seamonkey-devel < 2.0.a2007.12.12
0 < firefox-ja
0 < linux-mozilla
0 < linux-mozilla-devel
0 < mozilla

Details

VuXML ID 3ce8c7e2-66cf-11dc-b25f-02e0185f8d72
Discovery 2007-09-18
Entry 2007-09-19
Modified 2007-12-14

The Mozilla Foundation reports a vulnerability within the mozilla browser. This vulnerability also affects various other browsers like firefox and seamonkey. The vulnerability is caused by QuickTime Media-Link files that contain a qtnext attribute. This could allow an attacker to start the browser with arbitrary command-line options. This could allow the attacker to install malware, steal local data and possibly execute and/or do other arbitrary things within the users context.

References

CVE Name CVE-2006-4965
URL http://www.mozilla.org/security/announce/2007/mfsa2007-28.html

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.