Results 1 to 3 of 3

Thread: Mozilla Flaw Lets Links Run Arbitrary Programs

  1. #1
    Head Honcho Administrator Reverend's Avatar
    Join Date
    Apr 2002
    Location
    England
    Posts
    14,044

    Mozilla Flaw Lets Links Run Arbitrary Programs

    Security researchers are reporting another security issue in Web browsing under Windows, but this time Internet Explorer is not the culprit. The Mozilla Foundation's Mozilla and Firefox are reported as vulnerable.

    The reports indicate that links in a Web page using the "shell:" protocol can execute arbitrary programs on the user's system. The attacker would have to know the location in the file system of the program, but there are known programs in Windows with buffer overflows. This means the attacker could create a link in a Web page that could execute arbitrary code under Windows. Through the use of an appropriate META tag, the attack could load without the user having to click a link explicitly.

    Other researchers reported that certain links in Mozilla could cause a denial of service in the system by causing Mozilla to open large numbers of windows and consume 100 percent of CPU capacity.

    An old discussion in the Mozilla bug report database considers the possibility of addressing this problem, but the developers decided against it since the program has a facility for letting the user disallow specific external protocols, including shell:. It is not disabled by default, though.Internet Explorer is reported as being less vulnerable. When the user clicks on the link, it opens an "open/save" dialog box in which the user is allowed either to run the program, save it to disk or cancel. Mozilla and Firefox simply run the program without any further user action.

    The shell: syntax works only on Windows XP systems. According to one report, similar functionality is available on Windows 2000 but with different syntax.

    eWEEK.com tested the reported vulnerability on Mozilla Firefox and confirmed the reported behavior. We also confirmed the appearance of the open/save dialog on Windows XP SP1. In our tests on Windows XP SP2, links with the shell: protocol failed to operate at all.

    eWEEK

    =========== Please Read The Forum Rules ===========

  2. #2
    Titanium Member
    Join Date
    Jul 2002
    Location
    blk helo target, WA
    Posts
    3,536
    Last edited by lynchknot; July 8th, 2004 at 22:34 PM.

  3. #3
    Security Intelligence TZ Veteran cash_site's Avatar
    Join Date
    Jul 2002
    Location
    Software Paradise
    Posts
    3,852
    Article with some good links giving brief Description of problem
    http://osdir.com/Article1207.phtml

    Site to test if your FireFox/Mozilla is vunerable, or fixed
    http://www.mccanless.us/mozilla/mozilla_bugs.htm

    --- 0wN3D by 3gG ---

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •