Mozilla Linux Command Line URL Parsing Security Flaw Reported


A critical input validation security vulnerability affecting Linux versions of Mozilla Firefox and the Mozilla Application Suite has been reported today. The flaw could allow an attacker to execute arbitrary commands on a victim's system. The bug exists in the Linux shell scripts that Firefox and the Mozilla Application Suite rely on to parse URLs supplied on the command line or by external programs. If the supplied URL contains any Linux commands enclosed in backticks, these will be executed before Firefox or the Mozilla Application Suite tries to open the URL. Variables such as $HOME will also be expanded.

While this flaw cannot be exploited solely from within Firefox or the Mozilla Application Suite itself, an attacker could take advantage of the vulnerability by tricking a victim into following a malicious link in an external program (say, an email client or instant messaging application) on a Linux system where Firefox or the Mozilla Application Suite is the default browser.
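The behaviour described above, as an added example that is not the Mozilla launcher script: a wrapper that lets the shell parse the URL a second time, beside one that passes it through as a single quoted argument, plus a check a calling program can run first. The page does not show the affected script, so `eval` stands in for the re-parsing as an assumption, and `fake_browser`, `open_url_weak`, `open_url_safe`, `url_has_shell_meta` and the sample URL are hypothetical.

```shell
#!/bin/sh
# Added illustration, not the Mozilla launcher script. All names are hypothetical.

# Stand-in for the browser binary: echoes back the one argument it received.
fake_browser() {
    printf '%s' "$1"
}

# Weak pattern (assumed): the URL is pasted into a string that the shell
# parses a second time, so backticks and $VARS in the URL become shell syntax.
open_url_weak() {
    eval "fake_browser \"$1\""
}

# Hardened pattern: the URL travels as one quoted argument and is never
# re-parsed, so it reaches the browser byte for byte.
open_url_safe() {
    fake_browser "$1"
}

# Check a calling program can apply before handing a URL to any launcher:
# succeeds (returns 0) when the URL contains a backtick or a dollar sign.
url_has_shell_meta() {
    case $1 in
        *'`'*|*'$'*) return 0 ;;
        *) return 1 ;;
    esac
}

# Constructed sample input; single quotes keep it literal here.
SAMPLE_URL='http://example.invalid/`echo EXPANDED`/$HOME'

printf 'weak: %s\n' "$(open_url_weak "$SAMPLE_URL")"
printf 'safe: %s\n' "$(open_url_safe "$SAMPLE_URL")"
```

The weak wrapper hands the browser a URL in which the backtick section has been replaced by command output and `$HOME` by the user's home directory; the hardened wrapper delivers the string unchanged.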

Full Article.

Upgrade.
