[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-Disclosure] Mozilla Security Advisory 2004-07-08

To: <dveditz@xxxxxxxxxx>, <full-disclosure@xxxxxxxxxxxxxxxx>
Subject: Re: [Full-Disclosure] Mozilla Security Advisory 2004-07-08
From: "Berend-Jan Wever" <skylined@xxxxxxxxxxxxxxx>
Date: Fri, 9 Jul 2004 03:31:13 +0200

The advisory mentions that combining this with a BoF can result in remote code 
execution, but they totally forget to mention that formatstring exploits, 
integeroverflows, XSS, SQL injection, etc... might cause the same problems too. 
I bet they just read FD and didn't think for themselves. As far as I can see, 
this bug allows an attacker to remotely abuse any vulnerability a local program 
might be subject to, thus making any local exploit a possible remote exploit.

Cheers,
SkyLined
----- Original Message ----- 
From: <dveditz@xxxxxxxxxx>
To: <full-disclosure@xxxxxxxxxxxxxxxx>
Sent: Friday, July 09, 2004 00:36
Subject: [Full-Disclosure] Mozilla Security Advisory 2004-07-08


> Mozilla Security Advisory
> July 7, 2004
> 
> Summary:    Windows shell: scheme exposed in Mozilla
> Products:   Mozilla (Suite)
>             Mozilla Firefox
>             Mozilla Thunderbird
> Fixed in:   Mozilla (Suite) 1.7.1
>             Mozilla Firefox 0.9.2
>             Mozilla Thunderbird 0.7.2
> 
> 
> Description:
>     Windows versions of Mozilla products pass URIs using the shell: scheme
>     to the OS for handling. The effects depend on the version of windows,
>     but on Windows XP it is possible to launch executables in known
>     locations or the default handlers for file extensions. It could be
>     possible to combine this effect with a known buffer overrun in one
>     of these programs to create a remote execution exploit, although
>     at this time we have confirmed only denial-of-service type attacks
>     (including crashing the system in some cases).
> 
> Solution:
>     We urge people to install the patch available on mozilla.org or
>     install the latest version of the software.
> 
>     http://www.mozilla.org/security/shell.html
> 
> -Dan Veditz
> Mozilla Security Group
> 
> 
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Follow-Ups:
- Re: [Full-Disclosure] Mozilla Security Advisory 2004-07-08
  - From: Gary Flynn

References:
- [Full-Disclosure] Mozilla Security Advisory 2004-07-08
  - From: dveditz

Prev by Date: RE: [Full-Disclosure] How big is the danger of IE?
Next by Date: RE: [Full-Disclosure] How big is the danger of IE?
Previous by thread: [Full-Disclosure] Mozilla Security Advisory 2004-07-08
Next by thread: Re: [Full-Disclosure] Mozilla Security Advisory 2004-07-08
Index(es):
- Date
- Thread