CAN-2005-2968: Arbitrary code execution in Firefox and Mozilla
Mike Hommey
mh at glandium.org
Wed Sep 21 07:27:27 UTC 2005
On Wed, Sep 21, 2005 at 06:17:15AM +0200, Martin Schulze
<joey at infodrom.org> wrote:
> ======================================================
> Candidate: CAN-2005-2968
> URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2968
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed:
> Assigned: 20050919
> Category: SF
> Reference: CONFIRM:https://bugzilla.mozilla.org/show_bug.cgi?id=307185
> Reference: SECUNIA:16869
> Reference: URL:http://secunia.com/advisories/16869
>
> Firefox 1.0.6 and Mozilla 1.7.10 allows attackers to execute arbitrary
> commands via shell metacharacters in a URL that is provided to the
> browser on the command line, which is sent unfiltered to bash.
AFAICS this one doesn't apply to Debian's firefox, whose script is not
the upstream one and does some command line filtering.
Cheers
Mike
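
The difference between handing a command-line URL to the shell unfiltered and filtering it first, as an added example that is not part of the original message and is neither the upstream nor the Debian launcher script. `fake_browser`, `launch_unsafe`, `launch_safe`, `url_is_clean` and `open_url` are hypothetical names, and the allow-list of schemes and characters is an assumption.

```sh
#!/bin/sh
# Added example: hypothetical launcher, not the upstream or Debian script.

# Stand-in for the browser binary: prints each argument it received in brackets.
fake_browser() {
    printf '[%s]' "$@"
}

# Unfiltered pattern: the URL is spliced into a string the shell parses again,
# so metacharacters inside it are treated as shell syntax.
launch_unsafe() {
    eval "fake_browser $1"
}

# Quoted pattern: the URL stays one argument and is never re-parsed.
launch_safe() {
    fake_browser "$1"
}

# Filter (assumed allow-list): known schemes only, and no character outside a
# conservative URL set. '&' and ';' are rejected on purpose.
url_is_clean() {
    case $1 in
        http://*|https://*|ftp://*|file://*) ;;
        *) return 1 ;;
    esac
    case $1 in
        *[!A-Za-z0-9._~:/?#@%+=,-]*) return 1 ;;
    esac
    return 0
}

# Wrapper entry point: filter first, then launch with the URL quoted.
open_url() {
    if ! url_is_clean "$1"; then
        echo "refusing URL with unexpected characters" >&2
        return 2
    fi
    launch_safe "$1"
}

# Constructed sample input with a harmless payload.
SAMPLE='http://example.test/$(echo INJECTED)'
open_url 'http://example.test/index.html?q=1'; echo
open_url "$SAMPLE" || echo "exit status $?"
```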