Full Disclosure mailing list archives
Re: More URI Handling Vulnerabilites (FireFox Remote Command Execution)
From: Daniel Veditz <dveditz () cruzio com>
Date: Wed, 25 Jul 2007 17:21:51 -0700
Billy Rios wrote:
I've posted a PoC for remote command execution in Firefox (2.0.0.5), Netscape Navigator 9, and mozilla at: http://xs-sniper.com/blog/2007/07/24/remote-command-execution-in-firefox-2005/ These specific examples are built for WinXP SP2 WITH NO OTHER EXTERNAL EMAIL programs installed. Users with Outlook, notes, or other external mail programs installed may have had their URI handlers modified by the external program.
You must also upgrade to IE7, the examples will not work with IE6. You must have something registered to handle mailto: or Firefox won't even try. It doesn't matter what, though: IE7 appears to have introduced a change such that mailto:<foo>%00<bar> completely bypasses the registered protocol handler for mailto: (and a few other "web" protocols). You can follow Mozilla's progress dealing with this issue at https://bugzilla.mozilla.org/show_bug.cgi?id=389580 _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- More URI Handling Vulnerabilites (FireFox Remote Command Execution) Billy Rios (Jul 25)
- Re: More URI Handling Vulnerabilites (FireFox Remote Command Execution) Daniel Veditz (Jul 25)