Mozilla 1.0.6 critical vulnerability

russ
Posts: 48
Joined: Wed 09 May 2007, 01:17

Mozilla 1.0.6 critical vulnerability

#1 Post by russ »

The below critical advisory is found here:
http://www.frsirt.com/english/advisories/2005/1794

Advisory ID : FrSIRT/ADV-2005-1794
CVE ID : CVE-2005-2968
Rated as : Critical
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2005-09-20

Technical Description

A vulnerability was identified in Mozilla Suite and Mozilla Firefox for Linux, which may be exploited by attackers to execute arbitrary commands. This flaw is due to an input validation error when processing, via the shell script used by Firefox to parse URLs supplied by external programs, a specially crafted URL containing malicious shell commands enclosed within backquote characters, which could be exploited by remote attackers to compromise a vulnerable system by convincing a user to click on a malicious link via an external program (e.g. Thunderbird or Evolution).

Example : # firefox http://local\`find\`host (will execute the command "find").

Affected Products

Mozilla Firefox version 1.0.6 (Linux) and prior
Mozilla Suite version 1.7.11 (Linux) and prior
Mozilla Thunderbird version 1.0.6 (Linux) and prior

Solution

Upgrade to Mozilla Firefox 1.0.7 or Mozilla Suite 1.7.12 :
http://www.mozilla.org/products/
Upgrade to Mozilla Thunderbird 1.0.7 :
http://www.mozilla.org/products/thunderbird/

References

http://www.frsirt.com/english/advisories/2005/1794
https://bugzilla.mozilla.org/show_bug.cgi?id=307185

Credits

Vulnerability reported by Peter Zelezny

ChangeLog

2005-09-20 : Initial release
2005-09-21 : Updated affected products and solution
2005-09-22 : Updated affected products and solution
2005-10-01 : Updated solution (Thunderbird)

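The advisory quoted in post #1 describes a launcher shell script that lets backquoted text inside a URL run as a command. The sketch below is an added example, not code from this thread, the advisory, or Mozilla's script: `fake_browser`, `launch_weak`, `launch_safe` and `url_is_clean` are hypothetical names, and the `eval` in `launch_weak` is a simplified stand-in for any script that re-parses its URL argument.

```shell
#!/bin/sh
# Constructed stand-in for the browser binary: prints the one argument it gets.
fake_browser() { printf '%s\n' "$1"; }

# Weak pattern (illustrative only): the URL is pasted into a command string
# that the shell parses again, so `...` inside it runs as command substitution.
launch_weak() {
    eval "fake_browser $1"
}

# Hardened pattern: the URL travels as one quoted argument and is never
# re-parsed, so backquotes stay literal characters.
launch_safe() {
    fake_browser "$1"
}

# Defence in depth for callers such as mail clients: accept only a
# conservative URL character set (an assumption of this example).
url_is_clean() {
    [ -n "$1" ] || return 1
    # Delete every allowed character; the trailing "x" keeps a trailing
    # newline in the input from being hidden by command substitution.
    rest=$(printf '%s' "$1" | LC_ALL=C tr -d 'A-Za-z0-9:/?#@=&%._~+-'; printf x)
    [ "$rest" = "x" ]
}

# Constructed sample input modelled on the advisory's example, with a
# harmless marker command in place of "find".
sample='http://local`echo INJECTED`host'

printf 'weak : %s\n' "$(launch_weak "$sample")"
printf 'safe : %s\n' "$(launch_safe "$sample")"
if url_is_clean "$sample"; then echo 'check: accepted'; else echo 'check: rejected'; fi
```

Quoting the argument is the actual fix; the character check only adds a second barrier in the program that hands the URL over.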

russ
Posts: 48
Joined: Wed 09 May 2007, 01:17

SeaMonkey

#2 Post by russ »

I would guess that the above would apply to SeaMonkey too.

trapster
Posts: 2117
Joined: Mon 28 Nov 2005, 23:14
Location: Maine, USA

#3 Post by trapster »

What's with the 2 yr old notices???
trapster
Maine, USA

Asus eeepc 1005HA PU1X-BK
Frugal install: Slacko
Currently using full install: DebianDog

russ
Posts: 48
Joined: Wed 09 May 2007, 01:17

#4 Post by russ »

So SeaMonkey 1.0.6 is not the same as Mozilla 1.0.6?

Bruce B

#5 Post by Bruce B »

russ wrote: So SeaMonkey 1.0.6 is not the same as Mozilla 1.0.6?
True.

But that doesn't necessarily mean that Puppy's default SeaMonkey is equal to the newest SeaMonkey in terms of unfixed vulnerabilities.

Known vulnerabilities


To each his own, but I run the newest version of SeaMonkey.
