SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |    Help    |   

SecurityTracker
Archives


Welcome to SecurityTracker!
 
Click to Sign Up
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com
Sign Up!





Category:  Application (Web Browser)  >  Mozilla Browser Vendors:  Mozilla.org
Mozilla Lets Remote Users Launch Local Windows Applications Via the 'shell:' Protocol
SecurityTracker Alert ID:  1010669
SecurityTracker URL:  http://securitytracker.com/id?1010669
CVE Reference:  CAN-2004-0648   (Links to External Site)
Updated:  Jul 13 2004
Original Entry Date:  Jul 9 2004
Impact:  Denial of service via network, Execution of arbitrary code via network
Fix Available:  Yes   Exploit Included:  Yes   Vendor Confirmed:  Yes  
Version(s): prior to 1.7.1
Description:  A vulnerability was reported in Mozilla in the processing of the Windows 'shell:' protocol. A remote user can create HTML that, when loaded by the target user, can invoke certain Windows-based applications.

Mozilla confirmed that the bug reported by Joshua Perrymon affects Mozilla when running on Windows-based systems.

When the target is running Windows XP, a remote user can cause executables in certain known locations to be executed on the target user's system. If the target executable application contains a locally exploitable vulnerability, it is possible that the vulnerability can be exploited remotely via Mozilla.
Impact:  A remote user can cause a target application on the target user's system to be executed. This can be exploited to cause denial of service conditions or to exploit potential vulnerabilities in the target application.
Solution:  The vendor has released a fixed version (1.7.1), available at:

http://www.mozilla.org/download.html

A patch is also available at:

http://www.mozilla.org/security/shell.html
Vendor URL:  www.mozilla.org/security/shell.html (Links to External Site)
Cause:  Access control error
Underlying OS:  Windows (Any)
Reported By:  dveditz@cruzio.com
Message History:   None.

 Source Message Contents
Date:  Thu, 8 Jul 2004 22:36:48 GMT
From:  dveditz@cruzio.com
Subject:  [Full-Disclosure] Mozilla Security Advisory 2004-07-08

 

Mozilla Security Advisory
July 7, 2004

Summary:    Windows shell: scheme exposed in Mozilla
Products:   Mozilla (Suite)
            Mozilla Firefox
            Mozilla Thunderbird
Fixed in:   Mozilla (Suite) 1.7.1
            Mozilla Firefox 0.9.2
            Mozilla Thunderbird 0.7.2


Description:
    Windows versions of Mozilla products pass URIs using the shell: scheme
    to the OS for handling. The effects depend on the version of windows,
    but on Windows XP it is possible to launch executables in known
    locations or the default handlers for file extensions. It could be
    possible to combine this effect with a known buffer overrun in one
    of these programs to create a remote execution exploit, although
    at this time we have confirmed only denial-of-service type attacks
    (including crashing the system in some cases).

Solution:
    We urge people to install the patch available on mozilla.org or
    install the latest version of the software.

    http://www.mozilla.org/security/shell.html

-Dan Veditz
Mozilla Security Group


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


Go to the Top of This SecurityTracker Archive Page



Home   |    View Topics   |    Search   |    Contact Us   |    Help

Copyright 2004, SecurityGlobal.net LLC