Re: [Full-Disclosure] Mozilla Security Advisory 2004-07-08

From: Berend-Jan Wever (skylined_at_edup.tudelft.nl)
Date: 07/09/04

Next message: Larry Seltzer: "RE: [Full-Disclosure] How big is the danger of IE?"

Previous message: bipin gautam: "[Full-Disclosure] Norton AntiVirus Scanner Remote Denial Of Service Vulnerability [Part: !!!]"
In reply to: dveditz_at_cruzio.com: "[Full-Disclosure] Mozilla Security Advisory 2004-07-08"
Next in thread: Gary Flynn: "Re: [Full-Disclosure] Mozilla Security Advisory 2004-07-08"
Reply: Gary Flynn: "Re: [Full-Disclosure] Mozilla Security Advisory 2004-07-08"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: <dveditz@cruzio.com>, <full-disclosure@lists.netsys.com>
Date: Fri, 9 Jul 2004 03:31:13 +0200

The advisory mentions that combining this with a BoF can result in remote code execution, but they totally forget to mention that formatstring exploits, integeroverflows, XSS, SQL injection, etc... might cause the same problems too. I bet they just read FD and didn't think for themselves. As far as I can see, this bug allows an attacker to remotely abuse any vulnerability a local program might be subject to, thus making any local exploit a possible remote exploit.

Cheers,
SkyLined
----- Original Message -----
From: <dveditz@cruzio.com>
To: <full-disclosure@lists.netsys.com>
Sent: Friday, July 09, 2004 00:36
Subject: [Full-Disclosure] Mozilla Security Advisory 2004-07-08

> Mozilla Security Advisory
> July 7, 2004
>
> Summary: Windows shell: scheme exposed in Mozilla
> Products: Mozilla (Suite)
> Mozilla Firefox
> Mozilla Thunderbird
> Fixed in: Mozilla (Suite) 1.7.1
> Mozilla Firefox 0.9.2
> Mozilla Thunderbird 0.7.2
>
>
> Description:
> Windows versions of Mozilla products pass URIs using the shell: scheme
> to the OS for handling. The effects depend on the version of windows,
> but on Windows XP it is possible to launch executables in known
> locations or the default handlers for file extensions. It could be
> possible to combine this effect with a known buffer overrun in one
> of these programs to create a remote execution exploit, although
> at this time we have confirmed only denial-of-service type attacks
> (including crashing the system in some cases).
>
> Solution:
> We urge people to install the patch available on mozilla.org or
> install the latest version of the software.
>
> http://www.mozilla.org/security/shell.html
>
> -Dan Veditz
> Mozilla Security Group
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Next message: Larry Seltzer: "RE: [Full-Disclosure] How big is the danger of IE?"

Previous message: bipin gautam: "[Full-Disclosure] Norton AntiVirus Scanner Remote Denial Of Service Vulnerability [Part: !!!]"
In reply to: dveditz_at_cruzio.com: "[Full-Disclosure] Mozilla Security Advisory 2004-07-08"
Next in thread: Gary Flynn: "Re: [Full-Disclosure] Mozilla Security Advisory 2004-07-08"
Reply: Gary Flynn: "Re: [Full-Disclosure] Mozilla Security Advisory 2004-07-08"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]