CVE-2005-2968 - Unspecified vulnerability in Mozilla Firefox and Mozilla
Attack vector | NETWORK |
Attack complexity | LOW |
Privileges required | NONE |
Confidentiality impact | PARTIAL |
Integrity impact | PARTIAL |
Availability impact | PARTIAL |
Summary
Firefox 1.0.6 and Mozilla 1.7.10 allow attackers to execute arbitrary commands via shell metacharacters in a URL that is provided to the browser on the command line, which is sent unfiltered to bash.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 2 |
Exploit-Db
description | Mozilla Browser/Firefox Arbitrary Command Execution Vulnerability. CVE-2005-2968. Remote exploit for linux platform |
id | EDB-ID:26288 |
last seen | 2016-02-03 |
modified | 2005-09-20 |
published | 2005-09-20 |
reporter | Peter Zelezny |
source | https://www.exploit-db.com/download/26288/ |
title | Mozilla Browser/Firefox - Arbitrary Command Execution Vulnerability |
Nessus
NASL family | Fedora Local Security Checks |
NASL id | FEDORA_2005-926.NASL |
description | An updated firefox package that fixes several security bugs is now available for Fedora Core 4. This update has been rated as having critical security impact by the Fedora Security Response Team. Mozilla Firefox is an open source Web browser. A bug was found in the way Firefox processes XBM image files. If a user views a specially crafted XBM file, it becomes possible to execute arbitrary code as the user running Firefox. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-2701 to this issue. A bug was found in the way Firefox processes certain Unicode sequences. It may be possible to execute arbitrary code as the user running Firefox if the user views a specially crafted Unicode sequence. (CVE-2005-2702) A bug was found in the way Firefox makes XMLHttp requests. It is possible that a malicious web page could leverage this flaw to exploit other proxy or server flaws from the victim |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 19871 |
published | 2005-10-05 |
reporter | This script is Copyright (C) 2005-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/19871 |
title | Fedora Core 4 : firefox-1.0.7-1.1.fc4 (2005-926) |

NASL family | Mandriva Local Security Checks |
NASL id | MANDRAKE_MDKSA-2005-169.NASL |
description | A number of vulnerabilities have been discovered in Mozilla Firefox that have been corrected in version 1.0.7: A bug in the way Firefox processes XBM images could be used to execute arbitrary code via a specially crafted XBM image file (CVE-2005-2701). A bug in the way Firefox handles certain Unicode sequences could be used to execute arbitrary code via viewing a specially crafted Unicode sequence (CVE-2005-2702). A bug in the way Firefox makes XMLHttp requests could be abused by a malicious web page to exploit other proxy or server flaws from the victim's machine; however, the default behaviour of the browser is to disallow this (CVE-2005-2703). A bug in the way Firefox implemented its XBL interface could be abused by a malicious web page to create an XBL binding in such a way as to allow arbitrary JavaScript execution with chrome permissions (CVE-2005-2704). An integer overflow in Firefox's JavaScript engine could be manipulated in certain conditions to allow a malicious web page to execute arbitrary code (CVE-2005-2705). A bug in the way Firefox displays about: pages could be used to execute JavaScript with chrome privileges (CVE-2005-2706). A bug in the way Firefox opens new windows could be used by a malicious web page to construct a new window without any user interface elements (such as address bar and status bar) that could be used to potentially mislead the user (CVE-2005-2707). A bug in the way Firefox processed URLs on the command line could be used to execute arbitrary commands as the user running Firefox; this could be abused by clicking on a supplied link, such as from an instant messaging client (CVE-2005-2968). Tom Ferris reported that Firefox would crash when processing a domain name consisting solely of soft-hyphen characters due to a heap overflow when IDN processing results in an empty string after removing non-wrapping characters, such as soft-hyphens. This could be exploited to run or install malware on the user's computer (CVE-2005-2871). The updated packages have been patched to address these issues and all users are urged to upgrade immediately. |
last seen | 2017-10-29 |
modified | 2012-09-07 |
plugin id | 20425 |
published | 2006-01-15 |
reporter | Tenable |
source | https://www.tenable.com/plugins/index.php?view=single&id=20425 |
title | MDKSA-2005:169 : mozilla-firefox |

NASL family | Fedora Local Security Checks |
NASL id | FEDORA_2005-931.NASL |
description | An updated firefox package that fixes several security bugs is now available for Fedora Core 3. This update has been rated as having critical security impact by the Fedora Security Response Team. Mozilla Firefox is an open source Web browser. A bug was found in the way Firefox processes XBM image files. If a user views a specially crafted XBM file, it becomes possible to execute arbitrary code as the user running Firefox. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-2701 to this issue. A bug was found in the way Firefox processes certain Unicode sequences. It may be possible to execute arbitrary code as the user running Firefox if the user views a specially crafted Unicode sequence. (CVE-2005-2702) A bug was found in the way Firefox makes XMLHttp requests. It is possible that a malicious web page could leverage this flaw to exploit other proxy or server flaws from the victim |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 19876 |
published | 2005-10-05 |
reporter | This script is Copyright (C) 2005-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/19876 |
title | Fedora Core 3 : firefox-1.0.7-1.1.fc3 (2005-931) |

NASL family | Ubuntu Local Security Checks |
NASL id | UBUNTU_USN-186-1.NASL |
description | Peter Zelezny discovered that URLs which are passed to Firefox or Mozilla on the command line are not correctly protected against interpretation by the shell. If Firefox or Mozilla is configured as the default handler for URLs (which is the default in Ubuntu), this could be exploited to execute arbitrary code with user privileges by tricking the user into clicking on a specially crafted URL (for example, in an email or chat client). (CAN-2005-2968, MFSA-2005-59) A buffer overflow was discovered in the XBM image handler. By tricking a user into opening a specially crafted XBM image, an attacker could exploit this to execute arbitrary code with the user |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 20597 |
published | 2006-01-15 |
reporter | Ubuntu Security Notice (C) 2005-2019 Canonical, Inc. / NASL script (C) 2006-2016 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/20597 |
title | Ubuntu 4.10 / 5.04 : mozilla, mozilla-firefox vulnerabilities (USN-186-1) |

NASL family | Mandriva Local Security Checks |
NASL id | MANDRAKE_MDKSA-2005-174.NASL |
description | Updated Mozilla Thunderbird packages fix various vulnerabilities : The run-mozilla.sh script, with debugging enabled, would allow local users to create or overwrite arbitrary files via a symlink attack on temporary files (CVE-2005-2353). A bug in the way Thunderbird processes XBM images could be used to execute arbitrary code via a specially crafted XBM image file (CVE-2005-2701). A bug in the way Thunderbird handles certain Unicode sequences could be used to execute arbitrary code via viewing a specially crafted Unicode sequence (CVE-2005-2702). A bug in the way Thunderbird makes XMLHttp requests could be abused by a malicious web page to exploit other proxy or server flaws from the victim |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 20428 |
published | 2006-01-15 |
reporter | This script is Copyright (C) 2006-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/20428 |
title | Mandrake Linux Security Advisory : mozilla-thunderbird (MDKSA-2005:174) |

NASL family | Red Hat Local Security Checks |
NASL id | REDHAT-RHSA-2005-785.NASL |
description | An updated firefox package that fixes several security bugs is now available for Red Hat Enterprise Linux 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. Mozilla Firefox is an open source Web browser. A bug was found in the way Firefox processes XBM image files. If a user views a specially crafted XBM file, it becomes possible to execute arbitrary code as the user running Firefox. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-2701 to this issue. A bug was found in the way Firefox processes certain Unicode sequences. It may be possible to execute arbitrary code as the user running Firefox if the user views a specially crafted Unicode sequence. (CVE-2005-2702) A bug was found in the way Firefox makes XMLHttp requests. It is possible that a malicious web page could leverage this flaw to exploit other proxy or server flaws from the victim |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 19835 |
published | 2005-10-05 |
reporter | This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/19835 |
title | RHEL 4 : firefox (RHSA-2005:785) |

NASL family | CentOS Local Security Checks |
NASL id | CENTOS_RHSA-2005-791.NASL |
description | An updated thunderbird package that fixes various bugs is now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. Mozilla Thunderbird is a standalone mail and newsgroup client. A bug was found in the way Thunderbird processes certain international domain names. An attacker could create a specially crafted HTML mail, which when viewed by the victim would cause Thunderbird to crash or possibly execute arbitrary code. Thunderbird as shipped with Red Hat Enterprise Linux 4 must have international domain names enabled by the user in order to be vulnerable to this issue. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-2871 to this issue. A bug was found in the way Thunderbird processes certain Unicode sequences. It may be possible to execute arbitrary code as the user running Thunderbird if the user views a specially crafted HTML mail containing Unicode sequences. (CVE-2005-2702) A bug was found in the way Thunderbird makes XMLHttp requests. It is possible that a malicious HTML mail could leverage this flaw to exploit other proxy or server flaws from the victim |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 21964 |
published | 2006-07-05 |
reporter | This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/21964 |
title | CentOS 4 : thunderbird (CESA-2005:791) |

NASL family | CentOS Local Security Checks |
NASL id | CENTOS_RHSA-2005-785.NASL |
description | An updated firefox package that fixes several security bugs is now available for Red Hat Enterprise Linux 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. Mozilla Firefox is an open source Web browser. A bug was found in the way Firefox processes XBM image files. If a user views a specially crafted XBM file, it becomes possible to execute arbitrary code as the user running Firefox. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-2701 to this issue. A bug was found in the way Firefox processes certain Unicode sequences. It may be possible to execute arbitrary code as the user running Firefox if the user views a specially crafted Unicode sequence. (CVE-2005-2702) A bug was found in the way Firefox makes XMLHttp requests. It is possible that a malicious web page could leverage this flaw to exploit other proxy or server flaws from the victim |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 21963 |
published | 2006-07-05 |
reporter | This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/21963 |
title | CentOS 4 : firefox (CESA-2005:785) |

NASL family | Fedora Local Security Checks |
NASL id | FEDORA_2005-963.NASL |
description | An updated thunderbird package that fixes various bugs is now available for Fedora Core 4. This update has been rated as having important security impact by the Fedora Security Response Team. Mozilla Thunderbird is a standalone mail and newsgroup client. A bug was found in the way Thunderbird processes certain international domain names. An attacker could create a specially crafted HTML file, which when viewed by the victim would cause Thunderbird to crash or possibly execute arbitrary code. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-2871 to this issue. A bug was found in the way Thunderbird processes certain Unicode sequences. It may be possible to execute arbitrary code as the user running Thunderbird if the user views a specially crafted Unicode sequence. (CVE-2005-2702) A bug was found in the way Thunderbird makes XMLHttp requests. It is possible that a malicious web page could leverage this flaw to exploit other proxy or server flaws from the victim |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 19884 |
published | 2005-10-05 |
reporter | This script is Copyright (C) 2005-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/19884 |
title | Fedora Core 4 : thunderbird-1.0.7-1.1.fc4 (2005-963) |

NASL family | FreeBSD Local Security Checks |
NASL id | FREEBSD_PKG_2E28CEFB2AEE11DAA2630001020EED82.NASL |
description | A Secunia Advisory reports : Peter Zelezny has discovered a vulnerability in Firefox, which can be exploited by malicious people to compromise a user |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 21408 |
published | 2006-05-13 |
reporter | This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/21408 |
title | FreeBSD : firefox & mozilla -- command line URL shell command injection (2e28cefb-2aee-11da-a263-0001020eed82) |

NASL family | Ubuntu Local Security Checks |
NASL id | UBUNTU_USN-200-1.NASL |
description | A buffer overflow was discovered in the XBM image handler. By tricking a user into opening a specially crafted XBM image, an attacker could exploit this to execute arbitrary code with the user |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 20616 |
published | 2006-01-15 |
reporter | Ubuntu Security Notice (C) 2005-2019 Canonical, Inc. / NASL script (C) 2006-2016 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/20616 |
title | Ubuntu 4.10 / 5.04 : mozilla-thunderbird vulnerabilities (USN-200-1) |

NASL family | Red Hat Local Security Checks |
NASL id | REDHAT-RHSA-2005-791.NASL |
description | An updated thunderbird package that fixes various bugs is now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. Mozilla Thunderbird is a standalone mail and newsgroup client. A bug was found in the way Thunderbird processes certain international domain names. An attacker could create a specially crafted HTML mail, which when viewed by the victim would cause Thunderbird to crash or possibly execute arbitrary code. Thunderbird as shipped with Red Hat Enterprise Linux 4 must have international domain names enabled by the user in order to be vulnerable to this issue. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-2871 to this issue. A bug was found in the way Thunderbird processes certain Unicode sequences. It may be possible to execute arbitrary code as the user running Thunderbird if the user views a specially crafted HTML mail containing Unicode sequences. (CVE-2005-2702) A bug was found in the way Thunderbird makes XMLHttp requests. It is possible that a malicious HTML mail could leverage this flaw to exploit other proxy or server flaws from the victim |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 19995 |
published | 2005-10-11 |
reporter | This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/19995 |
title | RHEL 4 : thunderbird (RHSA-2005:791) |

NASL family | Debian Local Security Checks |
NASL id | DEBIAN_DSA-866.NASL |
description | Several security-related problems have been discovered in Mozilla and derived programs. The Common Vulnerabilities and Exposures project identifies the following problems : - CAN-2005-2871 Tom Ferris discovered a bug in the IDN hostname handling of Mozilla that allows remote attackers to cause a denial of service and possibly execute arbitrary code via a hostname with dashes. - CAN-2005-2701 A buffer overflow allows remote attackers to execute arbitrary code via an XBM image file that ends in a large number of spaces instead of the expected end tag. - CAN-2005-2702 Mats Palmgren discovered a buffer overflow in the Unicode string parser that allows a specially crafted Unicode sequence to overflow a buffer and cause arbitrary code to be executed. - CAN-2005-2703 Remote attackers could spoof HTTP headers of XML HTTP requests via XMLHttpRequest and possibly use the client to exploit vulnerabilities in servers or proxies. - CAN-2005-2704 Remote attackers could spoof DOM objects via an XBL control that implements an internal XPCOM interface. - CAN-2005-2705 Georgi Guninski discovered an integer overflow in the JavaScript engine that might allow remote attackers to execute arbitrary code. - CAN-2005-2706 Remote attackers could execute JavaScript code with chrome privileges via an about: page such as about:mozilla. - CAN-2005-2707 Remote attackers could spawn windows without user interface components such as the address and status bar that could be used to conduct spoofing or phishing attacks. - CAN-2005-2968 Peter Zelezny discovered that shell metacharacters are not properly escaped when they are passed to a shell script and allow the execution of arbitrary commands, e.g. when a malicious URL is automatically copied from another program into Mozilla as default browser. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 20063 |
published | 2005-10-20 |
reporter | This script is Copyright (C) 2005-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/20063 |
title | Debian DSA-866-1 : mozilla - several vulnerabilities |

NASL family | Debian Local Security Checks |
NASL id | DEBIAN_DSA-868.NASL |
description | Several security-related problems have been discovered in Mozilla and derived programs. Some of the following problems don |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 20071 |
published | 2005-10-24 |
reporter | This script is Copyright (C) 2005-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/20071 |
title | Debian DSA-868-1 : mozilla-thunderbird - several vulnerabilities |

NASL family | Fedora Local Security Checks |
NASL id | FEDORA_2005-962.NASL |
description | An updated thunderbird package that fixes various bugs is now available for Fedora Core 3. This update has been rated as having important security impact by the Fedora Security Response Team. Mozilla Thunderbird is a standalone mail and newsgroup client. A bug was found in the way Thunderbird processes certain international domain names. An attacker could create a specially crafted HTML file, which when viewed by the victim would cause Thunderbird to crash or possibly execute arbitrary code. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-2871 to this issue. A bug was found in the way Thunderbird processes certain Unicode sequences. It may be possible to execute arbitrary code as the user running Thunderbird if the user views a specially crafted Unicode sequence. (CVE-2005-2702) A bug was found in the way Thunderbird makes XMLHttp requests. It is possible that a malicious web page could leverage this flaw to exploit other proxy or server flaws from the victim |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 19883 |
published | 2005-10-05 |
reporter | This script is Copyright (C) 2005-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/19883 |
title | Fedora Core 3 : thunderbird-1.0.7-1.1.fc3 (2005-962) |
Oval
accepted | 2013-04-29T04:11:32.819-04:00 |
class | vulnerability |
description | Firefox 1.0.6 and Mozilla 1.7.10 allow attackers to execute arbitrary commands via shell metacharacters in a URL that is provided to the browser on the command line, which is sent unfiltered to bash. |
family | unix |
id | oval:org.mitre.oval:def:11105 |
status | accepted |
submitted | 2010-07-09T03:56:16-04:00 |
title | Firefox 1.0.6 and Mozilla 1.7.10 allow attackers to execute arbitrary commands via shell metacharacters in a URL that is provided to the browser on the command line, which is sent unfiltered to bash. |
version | 26 |
Redhat
Statements
contributor | Mark J Cox |
lastmodified | 2006-08-30 |
organization | Red Hat |
statement | Not vulnerable. These issues did not affect the versions of Mozilla and Firefox as shipped with Red Hat Enterprise Linux 2.1, 3, or 4. |
References
- ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt
- http://secunia.com/advisories/16869
- http://secunia.com/advisories/17042
- http://secunia.com/advisories/17090
- http://secunia.com/advisories/17149
- http://secunia.com/advisories/17263
- http://secunia.com/advisories/17284
- http://www.debian.org/security/2005/dsa-866
- http://www.debian.org/security/2005/dsa-868
- http://www.kb.cert.org/vuls/id/914681
- http://www.mandriva.com/security/advisories?name=MDKSA-2005:174
- http://www.mozilla.org/security/announce/mfsa2005-58.html
- http://www.redhat.com/support/errata/RHSA-2005-785.html
- http://www.redhat.com/support/errata/RHSA-2005-791.html
- http://www.securityfocus.com/bid/14888
- http://www.securityfocus.com/bid/15495
- http://www.ubuntu.com/usn/usn-186-1
- http://www.ubuntu.com/usn/usn-186-2
- http://www.ubuntu.com/usn/usn-200-1
- http://www.vupen.com/english/advisories/2005/1794
- http://www.vupen.com/english/advisories/2005/1824
- https://bugzilla.mozilla.org/show_bug.cgi?id=307185
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11105