Firefox/Mozilla Security Warning

Post by phongn »

Note: this affects Windows users only. A patch is available here; new installers (Firefox 0.9.2 and Mozilla 1.7.1) are also available.
eWeek wrote:
The reports indicate that links in a Web page using the "shell:" scheme can execute arbitrary programs on the user's system. The attacker would have to know the location in the file system of the program, but there are known programs in Windows with buffer overflows.

This means the attacker could create a link in a Web page that could execute arbitrary code under Windows. Through the use of an appropriate META tag, the attack could load without the user having to click a link explicitly.

In the definition of a URI (Uniform Resource Identifier), the technical name for a Web address, "shell:" is not a protocol like http but a scheme. Some schemes map directly to protocol handlers in the browser itself or externally, such as those that handle audio and video media.

Current versions of Mozilla and Firefox pass unknown protocol handlers to the operating system shell to handle. In this case, the location passed to the shell is a program name that the shell executes.
Last edited by phongn on 2004-07-08 10:29pm, edited 2 times in total.
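The eWeek excerpt above describes the defect as a default: a scheme the browser does not recognise is handed to the operating system shell. The defensive fix is the opposite default, where every scheme is classified and anything unlisted is refused, and the same gate is applied to every navigation source (a META refresh as well as a clicked link). The following is an added example written for this thread; it is not code from the original post, from eWeek, or from Mozilla, and the scheme lists and the "shell:PLACEHOLDER_PROGRAM" sample target are assumptions constructed for illustration.

```javascript
// Added example (not from the original post or from Mozilla): a scheme gate
// that refuses unknown schemes instead of forwarding them to the OS shell.

// Schemes the application handles itself (assumed list for this example).
const INTERNAL_SCHEMES = new Set(["http", "https", "ftp", "file", "about"]);

// Schemes that may be delegated to a registered external handler (assumed list).
const EXTERNAL_SCHEMES = new Set(["mailto", "news", "irc"]);

// Scheme grammar from RFC 3986 section 3.1:
// ALPHA *( ALPHA / DIGIT / "+" / "-" / "." ) followed by ":".
const SCHEME_RE = /^([A-Za-z][A-Za-z0-9+.-]*):/;

// Returns the lower-cased scheme, or null for a relative reference such as
// "page.html". A Windows path like "c:\temp\x.txt" yields scheme "c", which is
// not on either list and is therefore refused rather than passed to the shell.
function extractScheme(uri) {
  const m = SCHEME_RE.exec(String(uri).trim());
  return m ? m[1].toLowerCase() : null;
}

// Decide what to do with a navigation target. The important property is the
// last line: an unlisted scheme is blocked, never "let the OS figure it out".
function classifyUri(uri) {
  const scheme = extractScheme(uri);
  if (scheme === null) return { scheme: null, action: "relative" };
  if (INTERNAL_SCHEMES.has(scheme)) return { scheme, action: "internal" };
  if (EXTERNAL_SCHEMES.has(scheme)) return { scheme, action: "external" };
  return { scheme, action: "blocked" };
}

// A <meta http-equiv="refresh" content="N;url=..."> target must go through
// the same gate as an href, since the report notes the attack needs no click.
// Returns the classification of the refresh target, or null if the content
// attribute is not a redirect.
const REFRESH_RE = /^\s*\d+\s*;\s*url\s*=\s*['"]?([^'"]+?)['"]?\s*$/i;
function refreshTarget(metaContent) {
  const m = REFRESH_RE.exec(String(metaContent));
  return m ? classifyUri(m[1]) : null;
}

// Constructed sample inputs: the three link kinds plus the unknown-scheme
// case. "shell:PLACEHOLDER_PROGRAM" is a placeholder, not a real path.
const SAMPLE_TARGETS = [
  "http://example.com/index.html",
  "MAILTO:someone@example.com",
  "shell:PLACEHOLDER_PROGRAM",
  "c:\\temp\\notes.txt",
  "page.html",
];

function auditTargets(targets) {
  return targets.map((uri) => ({ uri, ...classifyUri(uri) }));
}

for (const r of auditTargets(SAMPLE_TARGETS)) {
  console.log(`${r.action.padEnd(8)} scheme=${r.scheme ?? "(none)"}  ${r.uri}`);
}
console.log("meta refresh:", refreshTarget("5; URL=shell:PLACEHOLDER_PROGRAM"));
```

The allowlists are the point of the design: a browser that classifies by "is this scheme one I know" rather than "is this scheme one I have been told is dangerous" is not exposed when Windows later registers some new shell-executing scheme.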
Post by The Kernel »

Is .92 supposed to fix this?
Post by phongn »

The Kernel wrote:
Is .92 supposed to fix this?
Yes, I also linked to the patch.
Post by Pu-239 »

Whoa... had me scared. It takes hours for me to download anything over dialup (and my queue of stuff to download is over 600 megs- more debian package updates (which increases at a rate of about 30MB/day, since Debian assumes users have broadband and only puts up entire packages- even if only 1 character or file has changed- as someone who packages files I contribute to this...) and ground control) Ugh.

Patches are always good- better than full downloads. There should be a mozilla/firefox feature for updating W/O visiting a URL though, since eventually unpatched installations will get hacked, since you have a bunch of users thinking Firefox is a cure-all and never patch the software.

Fortunately the vulnerability doesn't affect me, hehe... but bashing windows is getting old, and this isn't MS's fault.

Anyway, direct link to patch for lazy users [deliberately left link uncleaned]: http://update.mozilla.org/extensions/in ... 54&vid=261

ah.....the path to happiness is revision of dreams and not fulfillment... -SWPIGWANG
Sufficient Googling is indistinguishable from knowledge -somebody
Anything worth the cost of a missile, which can be located on the battlefield, will be shot at with missiles. If the US military is involved, then things, which are not worth the cost if a missile will also be shot at with missiles. -Sea Skimmer
George Bush makes freedom sound like a giant robot that breaks down a lot. -Darth Raptor
Post by Plekhanov »

The linked patch only mentions XP; anyone have any idea if we also need to patch on W2K and 98 systems?
Post by phongn »

Plekhanov wrote:
The linked patch only mentions XP; anyone have any idea if we also need to patch on W2K and 98 systems?
I would suggest doing so.