Re: [Full-Disclosure] Mozilla Security Advisory 2004-07-08

From: Berend-Jan Wever (
Date: 07/09/04

    To: <>, <>
    Date: Fri, 9 Jul 2004 03:31:13 +0200

    The advisory mentions that combining this with a BoF can result in remote code execution, but they totally forget to mention that format string exploits, integer overflows, XSS, SQL injection, etc. might cause the same problems too. I bet they just read FD and didn't think for themselves. As far as I can see, this bug allows an attacker to remotely abuse any vulnerability a local program might be subject to, thus making any local exploit a possible remote exploit.

    ----- Original Message -----
    From: <>
    To: <>
    Sent: Friday, July 09, 2004 00:36
    Subject: [Full-Disclosure] Mozilla Security Advisory 2004-07-08

    > Mozilla Security Advisory
    > July 7, 2004
    > Summary: Windows shell: scheme exposed in Mozilla
    > Products: Mozilla (Suite)
    > Mozilla Firefox
    > Mozilla Thunderbird
    > Fixed in: Mozilla (Suite) 1.7.1
    > Mozilla Firefox 0.9.2
    > Mozilla Thunderbird 0.7.2
    > Description:
    > Windows versions of Mozilla products pass URIs using the shell: scheme
    > to the OS for handling. The effects depend on the version of Windows,
    > but on Windows XP it is possible to launch executables in known
    > locations or the default handlers for file extensions. It could be
    > possible to combine this effect with a known buffer overrun in one
    > of these programs to create a remote execution exploit, although
    > at this time we have confirmed only denial-of-service type attacks
    > (including crashing the system in some cases).
    > Solution:
    > We urge people to install the patch available on or
    > install the latest version of the software.
    > -Dan Veditz
    > Mozilla Security Group
    > _______________________________________________
    > Full-Disclosure - We believe in it.
    > Charter:

    Full-Disclosure - We believe in it.
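
The root cause the advisory describes is that URIs with a scheme the application does not handle itself are passed to the OS. The sketch below is an added example, not code from Mozilla or from this thread: a deny-by-default scheme policy applied before any hand-off. The function names, the two scheme lists and the sample URIs are assumptions constructed for illustration.

```javascript
// Added example: deny-by-default policy for handing URIs to the OS.
// INTERNAL and EXTERNAL_ALLOW are hypothetical policy lists.
const INTERNAL = new Set(["http", "https", "ftp"]); // handled by the app itself
const EXTERNAL_ALLOW = new Set(["mailto"]);         // may be passed to the OS

// Extract the scheme the way a lenient URL parser would see it:
// strip leading/trailing C0 controls and spaces, drop embedded tab/CR/LF,
// then match the RFC 3986 scheme grammar and lower-case the result.
function extractScheme(raw) {
  const cleaned = String(raw)
    .replace(/^[\u0000-\u0020]+|[\u0000-\u0020]+$/g, "")
    .replace(/[\t\r\n]/g, "");
  const m = /^([A-Za-z][A-Za-z0-9+.-]*):/.exec(cleaned);
  return m ? m[1].toLowerCase() : null;
}

// Decide what to do with an absolute URI taken from untrusted content.
// Anything not explicitly listed is blocked, so a scheme nobody thought
// about (such as shell:) never reaches the OS handler.
function classifyUri(raw) {
  const scheme = extractScheme(raw);
  if (scheme === null) return "block";        // no valid scheme: do not hand off
  if (INTERNAL.has(scheme)) return "internal";
  if (EXTERNAL_ALLOW.has(scheme)) return "external";
  return "block";
}

// Constructed sample inputs (placeholders, not working payloads).
const samples = [
  "https://example.com/",
  "MailTo:user@example.com",
  "shell:placeholder",
  "  SHELL:placeholder",
  "sh\tell:placeholder",
  "unknown-scheme:placeholder",
];
for (const s of samples) {
  console.log(JSON.stringify(s), "->", classifyUri(s));
}
```

Normalising before the lookup matters: the case-changed and whitespace-padded variants resolve to the same scheme and get the same decision as the plain form.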