CAN-2005-2968: Arbitrary code execution in Firefox and Mozilla
Martin Schulze
joey at infodrom.org
Wed Sep 21 04:17:15 UTC 2005
======================================================
Candidate: CAN-2005-2968
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2968
Final-Decision:
Interim-Decision:
Modified:
Proposed:
Assigned: 20050919
Category: SF
Reference: CONFIRM:https://bugzilla.mozilla.org/show_bug.cgi?id=307185
Reference: SECUNIA:16869
Reference: URL:http://secunia.com/advisories/16869
Firefox 1.0.6 and Mozilla 1.7.10 allows attackers to execute arbitrary
commands via shell metacharacters in a URL that is provided to the
browser on the command line, which is sent unfiltered to bash.
Regards,
Joey
--
In the beginning was the word, and the word was content-type: text/plain
More information about the pkg-mozilla-maintainers
mailing list