mikmik
07-14-2004, 07:35 AM
Advisory (http://www.threatfocus.com/alert_detail.php?alert_id=20040996)
Vendor:Mozilla.org Product: Mozilla Browser
Impact: The effects depend on the version of windows, but on
Windows XP it is possible to launch executables in known
locations or the default handlers for file extensions. It
could be possible to combine this effect with a known buffer
overrun in one of these programs to create a remote
execution exploit, although at this time we have confirmed
only denial-of-service type attacks (including crashing the
system in some cases).
Summary: Windows shell: scheme exposed in Mozilla
Products: Mozilla (Suite)
Mozilla Firefox
Mozilla Thunderbird
Fixed in: Mozilla (Suite) 1.7.1
Mozilla Firefox 0.9.2
Mozilla Thunderbird 0.7.2
Vendor:Mozilla.org Product: Mozilla Browser
Impact: The effects depend on the version of windows, but on
Windows XP it is possible to launch executables in known
locations or the default handlers for file extensions. It
could be possible to combine this effect with a known buffer
overrun in one of these programs to create a remote
execution exploit, although at this time we have confirmed
only denial-of-service type attacks (including crashing the
system in some cases).
Summary: Windows shell: scheme exposed in Mozilla
Products: Mozilla (Suite)
Mozilla Firefox
Mozilla Thunderbird
Fixed in: Mozilla (Suite) 1.7.1
Mozilla Firefox 0.9.2
Mozilla Thunderbird 0.7.2