Free Republic

Extremely Critical Flaw Found in FireFox
Secunia.org ^ | 2005-09-20 | Secunia.org

Posted on 09/22/2005 3:03:17 PM PDT by Bush2000

Peter Zelezny has discovered a vulnerability in Firefox, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to the shell script used to launch Firefox parsing shell commands that are enclosed within backticks in the URL provided via the command line. This can e.g. be exploited to execute arbitrary shell commands by tricking a user into following a malicious link in an external application which uses Firefox as the default browser (e.g. the mail client Evolution on Red Hat Enterprise Linux 4).

This vulnerability can only be exploited on Unix / Linux based environments.

The vulnerability has been confirmed in version 1.0.6 on Fedora Core 4 and Red Hat Enterprise Linux 4. Other versions and platforms may also be affected.


TOPICS: Business/Economy; Technical
KEYWORDS: firefox

1 posted on 09/22/2005 3:03:20 PM PDT by Bush2000
[ Post Reply | Private Reply | View Replies]
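
The launcher flaw described in the advisory above, as an added example that is not part of the original post, the Secunia advisory or Firefox's own script. It assumes a constructed stand-in launcher (`fake_browser`, `launch_unsafe`, `launch_safe`, `url_is_suspicious` and the `example.invalid` URL are all hypothetical) and contrasts re-parsing a URL argument with passing it through as quoted data.

```shell
#!/bin/sh
# Constructed stand-in for a browser launcher script; not the Firefox script.
# A harmless marker file shows whether text inside the URL was executed.
MARKER="${TMPDIR:-/tmp}/launcher_demo_marker.$$"

# Stand-in for the real browser binary: it only echoes the URL it was given.
fake_browser() { printf '%s\n' "$1"; }

# Unsafe pattern: the URL is pasted into a string that the shell parses a
# second time, so backticks in the URL become command substitution.
launch_unsafe() {
    eval "fake_browser \"$1\""
}

# Hardened pattern: the URL stays one quoted argument and is never re-parsed.
launch_safe() {
    fake_browser "$1"
}

# Caller-side check (e.g. in a mail client): flag URLs carrying shell
# substitution syntax before handing them to any external launcher.
url_is_suspicious() {
    case $1 in
        *'`'*|*'$('*) return 0 ;;
    esac
    return 1
}

# Returns 0 if launcher $1 executed a command embedded in URL $2.
url_was_executed() {
    rm -f "$MARKER"
    "$1" "$2" >/dev/null
    if [ -e "$MARKER" ]; then rm -f "$MARKER"; return 0; fi
    return 1
}

# Constructed sample URL; the embedded command only creates the marker file.
SAMPLE_URL="http://example.invalid/\`touch $MARKER\`"

for launcher in launch_unsafe launch_safe; do
    if url_was_executed "$launcher" "$SAMPLE_URL"; then
        echo "$launcher: embedded command ran"
    else
        echo "$launcher: URL handled as plain data"
    fi
done
```

The fix belongs in the launcher itself; the caller-side check is only a second layer for applications that hand links to an external browser.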

To: Bush2000

This problem is unix only and fixed already in 1.07 which is available right now.


2 posted on 09/22/2005 3:05:12 PM PDT by Mount Athos
[ Post Reply | Private Reply | To 1 | View Replies]

To: Bush2000

Previous thread on this: http://www.freerepublic.com/focus/f-news/1488895/posts

"The flaw can only be exploited on Unix or Linux based environments and can be fixed by upgrading to Firefox 1.0.7."


3 posted on 09/22/2005 3:05:47 PM PDT by ecurbh (Join the Hobbit Hole Troop Support - http://freeper.the-hobbit-hole.net/)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Bush2000

Timely, with 1.0.7 already released. A little late to the party, no?

And meanwhile, Microsoft still includes ActiveX in IE.

Which was the worst decision: ActiveX, or MS Bob?

I'd have to go with ActiveX. While both Bob and ActiveX were answers to questions no one asked, ActiveX has caused much more harm.


4 posted on 09/22/2005 3:06:55 PM PDT by flashbunny (Do you believe in the Constitution only until it keeps the government from doing what you want?)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Bush2000

OHHH NOOOO...
First Katrina, then Rita NOW THIS!

We're DOOMED I tell you!


5 posted on 09/22/2005 3:16:45 PM PDT by Syntyr (From West Houston Galleria/Memorial area! Locked and Loaded)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Syntyr

LOL...not only a CRITICAL flaw, but an "EXTREMELY" CRITICAL flaw!


6 posted on 09/22/2005 3:24:01 PM PDT by Lekker 1 ("Who the hell wants to hear actors talk?"- Harry M. Warner, Warner Bros., 1927)
[ Post Reply | Private Reply | To 5 | View Replies]

To: rdb3; chance33_98; Calvinist_Dark_Lord; Bush2000; PenguinWry; GodGunsandGuts; CyberCowboy777; ...

7 posted on 09/22/2005 3:30:56 PM PDT by ShadowAce (Linux -- The Ultimate Windows Service Pack)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Bush2000

I'm running FireFox and it doesn't seem all that scary to me.


8 posted on 09/22/2005 3:34:40 PM PDT by putupjob
[ Post Reply | Private Reply | To 1 | View Replies]

To: flashbunny
Timely, with 1.0.7 already released. A little late to the party, no?

Oh, right. You're one of those guys who think that releasing a patch is equivalent to patching all vulnerable machines...

It's only going to get harder for you guys. FireFox ain't any more secure than IE or Safari or whatever ...
9 posted on 09/22/2005 3:36:40 PM PDT by Bush2000 (Linux -- You Get What You Pay For ... (tm)
[ Post Reply | Private Reply | To 4 | View Replies]

To: flashbunny

just ignore Bush2000...

he can't get over the fact that although LINUX is for commies (allegedly), Microsuck is doing business with the Chicoms.....


10 posted on 09/22/2005 3:37:49 PM PDT by MikefromOhio (Hey Fox News, MORE MOLLY, LESS Greta van Talksoutthesideofhermouth)
[ Post Reply | Private Reply | To 4 | View Replies]

To: Bush2000

From the Microsoft/Symantec publicity department.


11 posted on 09/22/2005 3:38:53 PM PDT by stinkerpot65
[ Post Reply | Private Reply | To 1 | View Replies]

To: MikeinIraq

Get this through your thick skull: I've continually condemned MS for dealing with the ChiComs.


12 posted on 09/22/2005 3:39:27 PM PDT by Bush2000 (Linux -- You Get What You Pay For ... (tm)
[ Post Reply | Private Reply | To 10 | View Replies]

To: Bush2000

LOL

righto...

anytime now your boy GoldenDoDo will start his crap as well....


13 posted on 09/22/2005 3:41:31 PM PDT by MikefromOhio (Hey Fox News, MORE MOLLY, LESS Greta van Talksoutthesideofhermouth)
[ Post Reply | Private Reply | To 12 | View Replies]

To: Bush2000

"FireFox ain't any more secure than IE or Safari or whatever "

Yeah, because I hear firefox plans on adding Active X support soon.


14 posted on 09/22/2005 3:44:03 PM PDT by flashbunny (Do you believe in the Constitution only until it keeps the government from doing what you want?)
[ Post Reply | Private Reply | To 9 | View Replies]

To: Syntyr

http://images.fedex.com/us/about/advertising/tvads/drama1.mov


15 posted on 09/22/2005 3:45:32 PM PDT by savedbygrace ("No Monday morning quarterback has ever led a team to victory" GW Bush)
[ Post Reply | Private Reply | To 5 | View Replies]

To: Lekker 1

EXTREMELY CRITICAL more accurately describes the security firms that breathlessly report how Mozilla products are so much worse than IE.


16 posted on 09/22/2005 3:46:37 PM PDT by savedbygrace ("No Monday morning quarterback has ever led a team to victory" GW Bush)
[ Post Reply | Private Reply | To 6 | View Replies]

To: MikeinIraq
anytime now your boy GoldenDoDo will start his crap as well....

He ain't "my boy", lamer.
17 posted on 09/22/2005 3:53:51 PM PDT by Bush2000 (Linux -- You Get What You Pay For ... (tm)
[ Post Reply | Private Reply | To 13 | View Replies]

To: savedbygrace
this just in......

Opera Web Browser will now launch a browser riddled with viruses and security flaws so they can make it on the tech news pages too........

18 posted on 09/22/2005 3:55:56 PM PDT by postaldave (dont ask me, i'm just a simple post birth, tissue mass.)
[ Post Reply | Private Reply | To 16 | View Replies]

To: Bush2000

Patched it YESTERDAY.


19 posted on 09/22/2005 3:58:01 PM PDT by steve86 (@)
[ Post Reply | Private Reply | To 1 | View Replies]

To: flashbunny
Yeah, because I hear firefox plans on adding Active X support soon.

No need. They have equally insecure "plug-in" support already. Just substitute "plug-in" for "Active X", and perhaps this will dawn on you.
20 posted on 09/22/2005 3:58:38 PM PDT by Bush2000 (Linux -- You Get What You Pay For ... (tm)
[ Post Reply | Private Reply | To 14 | View Replies]

