Executive Summary
Summary | |
---|---|
Title | Mozilla Firefox URI filtering vulnerability |
Informations | |||
---|---|---|---|
Name | VU#783400 | First vendor Publication | 2007-07-26 |
Vendor | VU-CERT | Last vendor Modification | 2007-07-31 |
Severity (Vendor) | N/A | Revision | M |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 9.3 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Medium |
Cvss Expoit Score | 8.6 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Vulnerability Note VU#783400Mozilla Firefox URI filtering vulnerabilityOverviewMozilla Firefox does not filter input when sending certain URIs to registered protocol handlers. This may allow a remote, authenticated attacker to use Firefox as a vector for executing commands on a vulnerable system.I. DescriptionA Uniform Resource Identifier (URI) is a string of characters that can be used to identify a location, resource, or protocol. Mozilla Firefox will rely on Microsoft Windows to determine the appropriate protocol handler for certain URIs that it does not handle internally.Firefox does not filter data passed to certain URI protocol handlers. This allows Firefox to be used as an attack vector for vulnerabilities in other applications. For example, Firefox can be used as an attack vector for the vulnerability in how Microsoft Windows itself determines the appropriate protocol handler [VU#403150]. Public exploit code for this vulnerability exists, which uses mailto, news, nntp, snews, and telnet URI handlers.
network.protocol-handler.warn-external.mailto network.protocol-handler.warn-external.news network.protocol-handler.warn-external.nntp network.protocol-handler.warn-external.snews Workarounds for administrators Blocking mailto:%00, nntp:%00, news:%00, snews:%00, telnet:%00 strings inside of HTML pages or other network streams using an application layer firewall or IPS may mitigate this vulnerability. See the xs-sniper blog for more information about known vulnerable URIs. Please note that these filters may only work for the public exploit code that is currently available. Other variations of the exploit code can bypass these restrictions. Systems Affected
Referenceshttp://www.kb.cert.org/vuls/id/403150 This vulnerability was disclosed by Billy (BK) Rios. This document was written by Ryan Giobbi, Jeff Gennari, and Will Dormann..
|
Original Source
Url : http://www.kb.cert.org/vuls/id/783400 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-78 | Improper Sanitization of Special Elements used in an OS Command ('OS Command Injection') (CWE/SANS Top 25) |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:17637 | |||
Oval ID: | oval:org.mitre.oval:def:17637 | ||
Title: | USN-503-1 -- mozilla-thunderbird vulnerabilities | ||
Description: | Various flaws were discovered in the layout and JavaScript engines. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-503-1 CVE-2007-3734 CVE-2007-3735 CVE-2007-3844 CVE-2007-3670 CVE-2007-3845 | Version: | 7 |
Platform(s): | Ubuntu 6.06 Ubuntu 6.10 Ubuntu 7.04 | Product(s): | mozilla-thunderbird |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:18682 | |||
Oval ID: | oval:org.mitre.oval:def:18682 | ||
Title: | DSA-1346-1 iceape | ||
Description: | Several remote vulnerabilities have been discovered in the Iceape internet suite, an unbranded version of the Seamonkey Internet Suite. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1346-1 CVE-2007-3844 CVE-2007-3845 | Version: | 7 |
Platform(s): | Debian GNU/Linux 4.0 | Product(s): | iceape |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:18825 | |||
Oval ID: | oval:org.mitre.oval:def:18825 | ||
Title: | DSA-1344-1 iceweasel | ||
Description: | Several remote vulnerabilities have been discovered in the Iceweasel web browser, an unbranded version of the Firefox browser. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1344-1 CVE-2007-3844 CVE-2007-3845 | Version: | 7 |
Platform(s): | Debian GNU/Linux 4.0 | Product(s): | iceweasel |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:20237 | |||
Oval ID: | oval:org.mitre.oval:def:20237 | ||
Title: | DSA-1345-1 xulrunner | ||
Description: | Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1345-1 CVE-2007-3844 CVE-2007-3845 | Version: | 5 |
Platform(s): | Debian GNU/Linux 4.0 | Product(s): | xulrunner |
Definition Synopsis: | |||
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 1 | |
Application | 2 | |
Application | 1 | |
Application | 1 |
OpenVAS Exploits
Date | Description |
---|---|
2009-10-10 | Name : SLES9: Security update for Mozilla File : nvt/sles9p5018527.nasl |
2009-05-05 | Name : HP-UX Update for Thunderbird HPSBUX02156 File : nvt/gb_hp_ux_HPSBUX02156.nasl |
2009-04-09 | Name : Mandriva Update for mozilla-firefox MDKSA-2007:152 (mozilla-firefox) File : nvt/gb_mandriva_MDKSA_2007_152.nasl |
2009-04-09 | Name : Mandriva Update for mozilla-thunderbird MDVSA-2007:047 (mozilla-thunderbird) File : nvt/gb_mandriva_MDVSA_2007_047.nasl |
2009-03-23 | Name : Ubuntu Update for firefox vulnerabilities USN-493-1 File : nvt/gb_ubuntu_USN_493_1.nasl |
2009-03-23 | Name : Ubuntu Update for mozilla-thunderbird vulnerabilities USN-503-1 File : nvt/gb_ubuntu_USN_503_1.nasl |
2009-01-28 | Name : SuSE Update for MozillaFirefox,mozilla,seamonkey SUSE-SA:2007:057 File : nvt/gb_suse_2007_057.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 1344-1 (iceweasel) File : nvt/deb_1344_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 1345-1 (xulrunner) File : nvt/deb_1345_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 1346-1 (iceape) File : nvt/deb_1346_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 1391-1 (icedove) File : nvt/deb_1391_1.nasl |
0000-00-00 | Name : Slackware Advisory SSA:2007-213-01 firefox File : nvt/esoft_slk_ssa_2007_213_01.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
41188 | Mozilla Firefox URI Handling Null Byte Argument Injection |
41090 | Microsoft Windows w/ IE7 Shell32.dll Crafted URL Third-party Application Arbi... |
38031 | Mozilla Multiple Products Crafted URI Unspecified File Handling Arbitrary Co... |
Snort® IPS/IDS
Date | Description |
---|---|
2015-01-20 | Multiple product mailto uri handling code execution attempt RuleID : 32871 - Revision : 2 - Type : OS-WINDOWS |
2014-01-10 | Multiple product mailto uri handling code execution attempt RuleID : 18173 - Revision : 7 - Type : OS-WINDOWS |
2014-01-10 | Multiple product mailto uri handling code execution attempt RuleID : 18172 - Revision : 8 - Type : OS-WINDOWS |
2014-01-10 | Multiple product mailto uri handling code execution attempt RuleID : 18171 - Revision : 8 - Type : OS-WINDOWS |
2014-01-10 | Multiple product snews uri handling code execution attempt RuleID : 15684 - Revision : 10 - Type : OS-WINDOWS |
2014-01-10 | Multiple product mailto uri handling code execution attempt RuleID : 13272 - Revision : 12 - Type : OS-WINDOWS |
2014-01-10 | Multiple product telnet uri handling code execution attempt RuleID : 13271 - Revision : 12 - Type : OS-WINDOWS |
2014-01-10 | Multiple product news uri handling code execution attempt RuleID : 13270 - Revision : 12 - Type : OS-WINDOWS |
2014-01-10 | Multiple product nntp uri handling code execution attempt RuleID : 13269 - Revision : 12 - Type : OS-WINDOWS |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2009-04-23 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2008-047.nasl - Type : ACT_GATHER_INFO |
2007-12-13 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_MozillaFirefox-4570.nasl - Type : ACT_GATHER_INFO |
2007-11-10 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-503-1.nasl - Type : ACT_GATHER_INFO |
2007-11-10 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-493-1.nasl - Type : ACT_GATHER_INFO |
2007-10-26 | Name : The remote openSUSE host is missing a security update. File : suse_seamonkey-4596.nasl - Type : ACT_GATHER_INFO |
2007-10-25 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1391.nasl - Type : ACT_GATHER_INFO |
2007-10-25 | Name : The remote openSUSE host is missing a security update. File : suse_seamonkey-4594.nasl - Type : ACT_GATHER_INFO |
2007-10-24 | Name : The remote openSUSE host is missing a security update. File : suse_MozillaFirefox-4574.nasl - Type : ACT_GATHER_INFO |
2007-10-24 | Name : The remote openSUSE host is missing a security update. File : suse_MozillaFirefox-4572.nasl - Type : ACT_GATHER_INFO |
2007-08-13 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1344.nasl - Type : ACT_GATHER_INFO |
2007-08-13 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1346.nasl - Type : ACT_GATHER_INFO |
2007-08-13 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1345.nasl - Type : ACT_GATHER_INFO |
2007-08-04 | Name : A web browser on the remote host is prone to multiple flaws. File : seamonkey_114.nasl - Type : ACT_GATHER_INFO |
2007-08-02 | Name : The remote Windows host contains a mail client that is affected by multiple v... File : mozilla_thunderbird_2006.nasl - Type : ACT_GATHER_INFO |
2007-08-02 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2007-152.nasl - Type : ACT_GATHER_INFO |
2007-08-02 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2007-213-01.nasl - Type : ACT_GATHER_INFO |
2007-07-31 | Name : The remote Windows host contains a web browser that is affected by multiple v... File : mozilla_firefox_2006.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2013-05-11 12:26:44 |
|