Re: [Full-Disclosure] Mozilla Security Advisory 2004-07-08

From: Berend-Jan Wever (skylined_at_edup.tudelft.nl)
Date: 07/09/04

    To: <dveditz@cruzio.com>, <full-disclosure@lists.netsys.com>
    Date: Fri, 9 Jul 2004 03:31:13 +0200
    
    

    The advisory mentions that combining this with a BoF can result in remote code execution, but they totally forget to mention that format string exploits, integer overflows, XSS, SQL injection, etc. might cause the same problems too. I bet they just read FD and didn't think for themselves. As far as I can see, this bug allows an attacker to remotely abuse any vulnerability a local program might be subject to, thus making any local exploit a possible remote exploit.

    Cheers,
    SkyLined
    ----- Original Message -----
    From: <dveditz@cruzio.com>
    To: <full-disclosure@lists.netsys.com>
    Sent: Friday, July 09, 2004 00:36
    Subject: [Full-Disclosure] Mozilla Security Advisory 2004-07-08

    > Mozilla Security Advisory
    > July 7, 2004
    >
    > Summary: Windows shell: scheme exposed in Mozilla
    > Products: Mozilla (Suite)
    > Mozilla Firefox
    > Mozilla Thunderbird
    > Fixed in: Mozilla (Suite) 1.7.1
    > Mozilla Firefox 0.9.2
    > Mozilla Thunderbird 0.7.2
    >
    >
    > Description:
    > Windows versions of Mozilla products pass URIs using the shell: scheme
    > to the OS for handling. The effects depend on the version of Windows,
    > but on Windows XP it is possible to launch executables in known
    > locations or the default handlers for file extensions. It could be
    > possible to combine this effect with a known buffer overrun in one
    > of these programs to create a remote execution exploit, although
    > at this time we have confirmed only denial-of-service type attacks
    > (including crashing the system in some cases).
    >
    > Solution:
    > We urge people to install the patch available on mozilla.org or
    > install the latest version of the software.
    >
    > http://www.mozilla.org/security/shell.html
    >
    > -Dan Veditz
    > Mozilla Security Group
    >
    >
    > _______________________________________________
    > Full-Disclosure - We believe in it.
    > Charter: http://lists.netsys.com/full-disclosure-charter.html

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html
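The advisory above describes URIs with the shell: scheme being passed to the OS for handling. As an added example (not part of the original posts and not Mozilla's patch), here is one way an application can gate that hand-off with a scheme allowlist, so any scheme it has not explicitly approved is refused. The function names, the allowlist contents and the sample URIs are assumptions constructed for illustration.

```javascript
// Added illustration: decide whether a URI may be handed to the OS
// protocol handler. Allowlist contents are an assumption, not Mozilla's list.
const OS_HANDLER_ALLOWLIST = new Set(["mailto", "news", "irc"]);

// RFC 3986: scheme = ALPHA *( ALPHA / DIGIT / "+" / "-" / "." )
const SCHEME_RE = /^([A-Za-z][A-Za-z0-9+.-]*):/;

function extractScheme(uri) {
  if (typeof uri !== "string") return null;
  // Drop embedded tab/CR/LF and leading control characters or spaces first,
  // so a scheme split by whitespace is judged the way a lenient parser
  // further down the chain would see it.
  const cleaned = uri.replace(/[\t\r\n]/g, "").replace(/^[\u0000-\u0020]+/, "");
  const m = SCHEME_RE.exec(cleaned);
  // Schemes are case-insensitive, so compare in lower case.
  return m ? m[1].toLowerCase() : null;
}

function mayDelegateToOS(uri) {
  const scheme = extractScheme(uri);
  if (scheme === null) {
    return { allowed: false, scheme, reason: "no valid scheme" };
  }
  if (!OS_HANDLER_ALLOWLIST.has(scheme)) {
    // Default deny: shell:, drive letters and unknown schemes all land here.
    return { allowed: false, scheme, reason: "scheme not on allowlist" };
  }
  return { allowed: true, scheme, reason: "allowlisted" };
}

// Constructed sample inputs (placeholders, not taken from the advisory).
const samples = [
  "mailto:user@example.org",
  "shell:example",
  "SHELL:example",
  " sh\tell:example",
  "C:\\example\\file.txt",
  "no-scheme-here",
];
for (const uri of samples) {
  const verdict = mayDelegateToOS(uri);
  console.log(JSON.stringify(uri), "->", verdict.allowed, `(${verdict.reason})`);
}
```

Default deny matters here because the set of schemes the OS will act on is not controlled by the application and differs between Windows versions.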

