| VID |
28630 |
| Severity |
40 |
| Port |
139,445 |
| Protocol |
TCP |
| Class |
SMB |
| Detailed Description |
The Mozilla Web browser, according to its version number, contains a flaw which may allow an attacker to execute arbitrary programs on the affected Windows host. This vulnerability is due to a design error that potentially permit an external protocol to be called without any user interaction.
Windows versions of Mozilla products pass URIs using the shell: scheme to the OS for handling. The effects depend on the version of windows, but on Windows XP it is possible to launch executables in known locations or the default handlers for file extensions. It might be possible to combine this effect with a known buffer overrun in one of these programs to create a remote execution exploit.
* Note: This check requires an account with Guest or upper privileges which can access the registry of the remote host to scan. Absence of these condition will result in the check not being performed and a False Negative for all vulnerable hosts.
* References:
http://www.mozilla.org/security/shell.html
http://www.securityfocus.com/archive/1/368494
* Platforms Affected:
Mozilla Browser prior to 1.7.1
Mozilla Firefox prior to 0.9.2
Mozilla Thunderbird prior to 0.7.2
Microsoft Windows Any version |
| Recommendation |
Upgrade to the latest version of Mozilla (Mozilla Browser 1.7.1, Mozilla Firefox 0.9.2, Mozilla Thunderbird 0.7.2, or later), available from the Mozilla Download site at http://www.mozilla.org/download.html
-- OR --
Mozilla has released a patch to address the "shell:" protocol handling weakness. It is available at the following location:
http://www.mozilla.org/security/shell.html |
| Related URL |
CVE-2004-0648 (CVE) |
| Related URL |
10681 (SecurityFocus) |
| Related URL |
(ISS) |
|
