Technical Description

A vulnerability was identified in Mozilla Suite and Mozilla Firefox for Linux, which may be exploited by attackers to execute arbitrary commands. This flaw is due to an input validation error when processing, via the shell script used by Firefox to parse URLs supplied by external programs, a specially crafted URL containing malicious shell commands enclosed within backquote characters, which could be exploited by remote attackers to compromise a vulnerable system by convincing a user to click on a malicious link via an external program (e.g. Thunderbird or Evolution).

Example : # firefox http://local\`find\`host (will execute the command "find").

Affected Products

Mozilla Firefox version 1.0.6 (Linux) and prior
Mozilla Suite version 1.7.11 (Linux) and prior
Mozilla Thunderbird version 1.0.6 (Linux) and prior

Solution

Upgrade to Mozilla Firefox 1.0.7 or Mozilla Suite 1.7.12 :
http://www.mozilla.org/products/
Upgrade to Mozilla Thunderbird 1.0.7 :
http://www.mozilla.org/products/thunderbird/

References

http://www.vupen.com/english/advisories/2005/1794
https://bugzilla.mozilla.org/show_bug.cgi?id=307185

Credits

Vulnerability reported by Peter Zelezny

ChangeLog

2005-09-20 : Initial release
2005-09-21 : Updated affected products and solution
2005-09-22 : Updated affected products and solution
2005-10-01 : Updated solution (Thunderbird)

Vulnerability Management

Subscribe to VUPEN VNS and receive real-time e-mail and SMS alerts when new advisories or patches relevant to your systems and network configurations are available.

Feedback

If you have additional information or corrections for this security advisory please submit them via our contact form.