
Mozilla Linux Command Line URL Parsing Security Flaw Reported


A critical input validation security vulnerability affecting Linux versions of Mozilla Firefox and the Mozilla Application Suite has been reported today. The flaw could allow an attacker to execute arbitrary commands on a victim's system. The bug exists in the Linux shell scripts that Firefox and the Mozilla Application Suite rely on to parse URLs supplied on the command line or by external programs. If the supplied URL contains any Linux commands enclosed in backticks, these will be executed before Firefox or the Mozilla Application Suite tries to open the URL. Variables such as $HOME will also be expanded.

While this flaw cannot be exploited solely from within Firefox or the Mozilla Application Suite itself, an attacker could take advantage of the vulnerability by tricking a victim into following a malicious link in an external program (say, an email client or instant messaging application) on a Linux system where Firefox or the Mozilla Application Suite is the default browser.
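The class of bug described above, as an added illustration that is not Mozilla's launcher code: a wrapper that lets the shell parse the URL a second time, beside one that passes it through as a single quoted argument. The names `browser_stub`, `open_url_unsafe`, `open_url_safe` and `url_has_substitution_chars`, and the sample URL, are constructed for this example.

```shell
#!/bin/sh
# Added illustration; browser_stub and both launchers are hypothetical,
# not Mozilla's scripts.

# Stand-in for the real browser binary: reports the URL it actually received.
browser_stub() {
    printf '%s\n' "$1"
}

# Vulnerable pattern: the URL is pasted into a command string that the shell
# parses a second time, so backticks and $VARS inside it are evaluated.
open_url_unsafe() {
    eval "browser_stub $1"
}

# Hardened pattern: the URL stays one quoted argv element and is never
# re-parsed by the shell.
open_url_safe() {
    browser_stub "$1"
}

# Caller-side check (e.g. in a mail client before handing off a link):
# flag URLs carrying the characters the report names.
url_has_substitution_chars() {
    case $1 in
        *'`'*|*'$'*) return 0 ;;
    esac
    return 1
}

# Constructed sample; single quotes keep it literal at assignment time.
SAMPLE_URL='http://example.invalid/p/$HOME/`echo INJECTED`'

printf 'unsafe launcher passed: %s\n' "$(open_url_unsafe "$SAMPLE_URL")"
printf 'safe launcher passed:   %s\n' "$(open_url_safe "$SAMPLE_URL")"
```

The unsafe launcher hands the browser a URL in which `$HOME` has been expanded and the backtick command has already run; the safe launcher hands over the original string unchanged.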
