Extremely Critical Flaw Found in FireFox
Secunia.org | 2005-09-20 | Secunia.org
Posted on 09/22/2005 3:03:17 PM PDT by Bush2000
Peter Zelezny has discovered a vulnerability in Firefox, which can be exploited by malicious people to compromise a user's system.
The vulnerability is caused due to the shell script used to launch Firefox parsing shell commands that are enclosed within backticks in the URL provided via the command line. This can e.g. be exploited to execute arbitrary shell commands by tricking a user into following a malicious link in an external application which uses Firefox as the default browser (e.g. the mail client Evolution on Red Hat Enterprise Linux 4).
This vulnerability can only be exploited on Unix / Linux based environments.
The vulnerability has been confirmed in version 1.0.6 on Fedora Core 4 and Red Hat Enterprise Linux 4. Other versions and platforms may also be affected.
TOPICS: Business/Economy; Technical
KEYWORDS: firefox
1 posted on 09/22/2005 3:03:20 PM PDT by Bush2000
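The class of bug the advisory describes, a launcher that lets the shell parse its URL argument a second time, shown beside the quoted form that avoids it. This is an added example, not code from the advisory, the thread, or the Firefox launch script; `handler`, `launch_unsafe`, `launch_safe`, `url_has_backtick` and the `example.test` URL are constructed for illustration, and the embedded command is a harmless `echo`.

```shell
#!/bin/sh
# Constructed illustration, NOT the Firefox launch script.
# "handler" stands in for the real browser binary: it prints the single
# argument it actually received.
handler() { printf '%s\n' "$1"; }

# Unsafe pattern: the URL is pasted into a command string that the shell
# parses again, so text between backticks in the URL is run as a command.
launch_unsafe() {
    eval "handler $1"
}

# Safe pattern: the URL stays one quoted argument and is never re-parsed.
launch_safe() {
    handler "$1"
}

# Defensive pre-check a calling application could apply before handing a
# link to any external launcher: succeeds if the URL carries a backtick or
# a $( command-substitution opener. Ordinary query strings pass.
url_has_backtick() {
    case "$1" in
        *'`'*|*'$('*) return 0 ;;
        *) return 1 ;;
    esac
}

# Constructed sample link (single quotes keep the backticks literal here).
SAMPLE_URL='http://example.test/`echo INJECTED`'

printf 'unsafe launcher passed on: %s\n' "$(launch_unsafe "$SAMPLE_URL")"
printf 'safe launcher passed on:   %s\n' "$(launch_safe "$SAMPLE_URL")"
if url_has_backtick "$SAMPLE_URL"; then
    printf 'pre-check: link rejected\n'
fi
```

Quoting the argument is the actual fix; the pre-check only adds a second layer for callers that cannot control the launcher they invoke.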
To: Bush2000
This problem is unix only and fixed already in 1.07 which is available right now.
To: Bush2000
3 posted on 09/22/2005 3:05:47 PM PDT by ecurbh (Join the Hobbit Hole Troop Support - http://freeper.the-hobbit-hole.net/)
To: Bush2000
Timely, with 1.0.7 already released. A little late to the party, no?
And meanwhile, Microsoft still includes ActiveX in IE.
Which was the worst decision: ActiveX, or MS Bob?
I'd have to go with ActiveX. While both Bob and ActiveX were answers to questions no one asked, ActiveX has caused much more harm.
4 posted on 09/22/2005 3:06:55 PM PDT by flashbunny (Do you believe in the Constitution only until it keeps the government from doing what you want?)
To: Bush2000
OHHH NOOOO...
First Katrina, then Rita NOW THIS!
We're DOOMED I tell you!
5 posted on 09/22/2005 3:16:45 PM PDT by Syntyr (From West Houston Galleria/Memorial area! Locked and Loaded)
To: Syntyr
LOL...not only a CRITICAL flaw, but an "EXTREMELY" CRITICAL flaw!
6 posted on 09/22/2005 3:24:01 PM PDT by Lekker 1 ("Who the hell wants to hear actors talk?"- Harry M. Warner, Warner Bros., 1927)
To: rdb3; chance33_98; Calvinist_Dark_Lord; Bush2000; PenguinWry; GodGunsandGuts; CyberCowboy777; ...
7 posted on 09/22/2005 3:30:56 PM PDT by ShadowAce (Linux -- The Ultimate Windows Service Pack)
To: Bush2000
I'm running FireFox and it doesn't seem all that scary to me.
8 posted on 09/22/2005 3:34:40 PM PDT by putupjob
To: flashbunny
Timely, with 1.0.7 already released. A little late to the party, no?
Oh, right. You're one of those guys who think that releasing a patch is equivalent to patching all vulnerable machines...
It's only going to get harder for you guys. FireFox ain't any more secure than IE or Safari or whatever ...
9 posted on 09/22/2005 3:36:40 PM PDT by Bush2000 (Linux -- You Get What You Pay For ... (tm)
To: flashbunny
just ignore Bush2000...
he can't get over the fact that although LINUX is for commies (allegedly), Microsuck is doing business with the Chicoms.....
10 posted on 09/22/2005 3:37:49 PM PDT by MikefromOhio (Hey Fox News, MORE MOLLY, LESS Greta van Talksoutthesideofhermouth)
To: Bush2000
From the Microsoft/Symantec publicity department.
To: MikeinIraq
Get this through your thick skull: I've continually condemned MS for dealing with the ChiComs.
12 posted on 09/22/2005 3:39:27 PM PDT by Bush2000 (Linux -- You Get What You Pay For ... (tm)
To: Bush2000
LOL
righto...
anytime now your boy GoldenDoDo will start his crap as well....
13 posted on 09/22/2005 3:41:31 PM PDT by MikefromOhio (Hey Fox News, MORE MOLLY, LESS Greta van Talksoutthesideofhermouth)
To: Bush2000
"FireFox ain't any more secure than IE or Safari or whatever "
Yeah, because I hear firefox plans on adding Active X support soon.
14 posted on 09/22/2005 3:44:03 PM PDT by flashbunny (Do you believe in the Constitution only until it keeps the government from doing what you want?)
To: Syntyr
15 posted on 09/22/2005 3:45:32 PM PDT by savedbygrace ("No Monday morning quarterback has ever led a team to victory" GW Bush)
To: Lekker 1
EXTREMELY CRITICAL more accurately describes the security firms that breathlessly report how Mozilla products are so much worse than IE.
16 posted on 09/22/2005 3:46:37 PM PDT by savedbygrace ("No Monday morning quarterback has ever led a team to victory" GW Bush)
To: MikeinIraq
anytime now your boy GoldenDoDo will start his crap as well....
He ain't "my boy", lamer.
17 posted on 09/22/2005 3:53:51 PM PDT by Bush2000 (Linux -- You Get What You Pay For ... (tm)
To: savedbygrace
this just in......
Opera Web Browser will now launch a browser riddled with viruses and security flaws so they can make it on the tech news pages too........
18 posted on 09/22/2005 3:55:56 PM PDT by postaldave (dont ask me, i'm just a simple post birth, tissue mass.)
To: Bush2000
19 posted on 09/22/2005 3:58:01 PM PDT by steve86 (@)
To: flashbunny
Yeah, because I hear firefox plans on adding Active X support soon.
No need. They have equally insecure "plug-in" support already. Just substitute "plug-in" for "Active X", and perhaps this will dawn on you.
20 posted on 09/22/2005 3:58:38 PM PDT by Bush2000 (Linux -- You Get What You Pay For ... (tm)