Full Disclosure mailing list archives
Re: Mozilla Security Advisory 2004-07-08
From: "Berend-Jan Wever" <skylined () edup tudelft nl>
Date: Fri, 9 Jul 2004 03:31:13 +0200
The advisory mentions that combining this with a BoF can result in remote code execution, but they totally forget to mention that formatstring exploits, integeroverflows, XSS, SQL injection, etc... might cause the same problems too. I bet they just read FD and didn't think for themselves. As far as I can see, this bug allows an attacker to remotely abuse any vulnerability a local program might be subject to, thus making any local exploit a possible remote exploit. Cheers, SkyLined ----- Original Message ----- From: <dveditz () cruzio com> To: <full-disclosure () lists netsys com> Sent: Friday, July 09, 2004 00:36 Subject: [Full-disclosure] Mozilla Security Advisory 2004-07-08
Mozilla Security Advisory July 7, 2004 Summary: Windows shell: scheme exposed in Mozilla Products: Mozilla (Suite) Mozilla Firefox Mozilla Thunderbird Fixed in: Mozilla (Suite) 1.7.1 Mozilla Firefox 0.9.2 Mozilla Thunderbird 0.7.2 Description: Windows versions of Mozilla products pass URIs using the shell: scheme to the OS for handling. The effects depend on the version of windows, but on Windows XP it is possible to launch executables in known locations or the default handlers for file extensions. It could be possible to combine this effect with a known buffer overrun in one of these programs to create a remote execution exploit, although at this time we have confirmed only denial-of-service type attacks (including crashing the system in some cases). Solution: We urge people to install the patch available on mozilla.org or install the latest version of the software. http://www.mozilla.org/security/shell.html -Dan Veditz Mozilla Security Group _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Mozilla Security Advisory 2004-07-08 dveditz (Jul 08)
- Re: Mozilla Security Advisory 2004-07-08 Berend-Jan Wever (Jul 08)
- Re: Mozilla Security Advisory 2004-07-08 Gary Flynn (Jul 09)
- Re: Mozilla Security Advisory 2004-07-08 Berend-Jan Wever (Jul 09)
- Re: Mozilla Security Advisory 2004-07-08 Gary Flynn (Jul 09)
- <Possible follow-ups>
- RE: Mozilla Security Advisory 2004-07-08 Perrymon, Josh L. (Jul 09)
- RE: Mozilla Security Advisory 2004-07-08 Perrymon, Josh L. (Jul 09)
- RE: Mozilla Security Advisory 2004-07-08 Common Account (Jul 09)
- Re: Mozilla Security Advisory 2004-07-08 Wall, Kevin (Jul 09)
- Re: Mozilla Security Advisory 2004-07-08 Berend-Jan Wever (Jul 08)