[bressers@redhat.com: CVE request (mozilla)]
Martin Schulze
joey at infodrom.org
Tue Sep 20 04:14:46 UTC 2005
This is CAN-2005-2968
----- Forwarded message from Josh Bressers <bressers at redhat.com> -----
Steve,
It has been discovered that URLs passed to mozilla on the command line are
fed directly into the shell, allowing for arbitrary command execution. The
real potential for attack comes from user doing things like clicking on
URLs in something like xchat:
https://bugzilla.mozilla.org/show_bug.cgi?id=307185
Thanks.
--
JB
_______________________________________________
Vendor Security mailing list
Vendor Security at lst.de
https://www.lst.de/cgi-bin/mailman/listinfo/vendor-sec
----- End forwarded message -----
--
Linux - the choice of a GNU generation.
More information about the pkg-mozilla-maintainers
mailing list