July 8th, 2004, 20:45 PM
Mozilla Flaw Lets Links Run Arbitrary Programs
Security researchers are reporting another security issue in Web browsing under Windows, but this time Internet Explorer is not the culprit. The Mozilla Foundation's Mozilla and Firefox are reported as vulnerable.
The reports indicate that links in a Web page using the "shell:" protocol can execute arbitrary programs on the user's system. The attacker would have to know the location in the file system of the program, but there are known programs in Windows with buffer overflows. This means the attacker could create a link in a Web page that could execute arbitrary code under Windows. Through the use of an appropriate META tag, the attack could load without the user having to click a link explicitly.
Other researchers reported that certain links in Mozilla could cause a denial of service in the system by causing Mozilla to open large numbers of windows and consume 100 percent of CPU capacity.
An old discussion in the Mozilla bug report database considers the possibility of addressing this problem, but the developers decided against it since the program has a facility for letting the user disallow specific external protocols, including shell:. It is not disabled by default, though.Internet Explorer is reported as being less vulnerable. When the user clicks on the link, it opens an "open/save" dialog box in which the user is allowed either to run the program, save it to disk or cancel. Mozilla and Firefox simply run the program without any further user action.
The shell: syntax works only on Windows XP systems. According to one report, similar functionality is available on Windows 2000 but with different syntax.
eWEEK.com tested the reported vulnerability on Mozilla Firefox and confirmed the reported behavior. We also confirmed the appearance of the open/save dialog on Windows XP SP1. In our tests on Windows XP SP2, links with the shell: protocol failed to operate at all.
July 8th, 2004, 21:17 PM
Last edited by lynchknot; July 8th, 2004 at 22:34 PM.
July 12th, 2004, 01:29 AM
Article with some good links giving brief Description of problem
Site to test if your FireFox/Mozilla is vunerable, or fixed
--- 0wN3D by 3gG ---