Reported July 9, 2004, by Mozilla Security Group

VERSIONS AFFECTED

  • Mozilla (suite) 1.7.0 and earlier
  • Mozilla Firefox 0.9.1 and earlier
  • Mozilla Thunderbird 0.7.1 and earlier

DESCRIPTION
Windows versions of Mozilla products pass Uniform Resource Identifiers (URIs) using the shell: scheme to the operating system for handling. The effects of the vulnerability depend on the version of Windows, but on Windows XP it is possible to launch executables at known locations, or the default handler registered for a file extension. An attacker could combine this effect with a known buffer overrun in any of the affected Mozilla programs to create a remote execution exploit.
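As an added illustration (not Mozilla's code) of the control this issue calls for, the following gate sits in front of the hand-off to the OS: it extracts the scheme per RFC 3986, normalizes case and surrounding whitespace, and applies a deny-by-default policy so that shell: and any unlisted scheme are never passed to the operating system. The policy values and function names are constructed for the example.

```javascript
// Added example (not Mozilla's code): deny-by-default gate in front of the
// OS protocol-handler hand-off. Policy values are constructed for illustration.
const EXTERNAL_HANDLER_POLICY = {
  defaultAllow: false,                            // unknown schemes stay in-app
  perScheme: { mailto: true, news: true, shell: false },
};

// Extract the scheme per RFC 3986: ALPHA *( ALPHA / DIGIT / "+" / "-" / "." ) ":"
// Surrounding whitespace is stripped and the result lower-cased so that
// "  SHELL:..." and "shell:..." are treated identically. Returns null if the
// input has no syntactically valid scheme.
function extractScheme(uri) {
  const m = /^([A-Za-z][A-Za-z0-9+.-]*):/.exec(String(uri).trim());
  return m ? m[1].toLowerCase() : null;
}

// True only when the policy explicitly allows the scheme, or when the scheme
// is unlisted and the default is allow. Malformed input is always rejected.
function mayHandOffToOS(uri, policy = EXTERNAL_HANDLER_POLICY) {
  const scheme = extractScheme(uri);
  if (scheme === null) return false;
  if (Object.prototype.hasOwnProperty.call(policy.perScheme, scheme)) {
    return policy.perScheme[scheme] === true;
  }
  return policy.defaultAllow === true;
}

// Split a batch of URIs into those the OS may receive and those kept in-app.
function partitionUris(uris, policy = EXTERNAL_HANDLER_POLICY) {
  const allowed = [];
  const blocked = [];
  for (const u of uris) {
    (mayHandOffToOS(u, policy) ? allowed : blocked).push(u);
  }
  return { allowed, blocked };
}
```

An explicit per-scheme deny for shell: is kept in the policy even though the default already denies it, so that later loosening of the default cannot silently re-enable it.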

VENDOR RESPONSE
The Mozilla Foundation has released the security bulletin "What Mozilla users should know about the shell: protocol security issue," which addresses this vulnerability, and recommends that affected users immediately apply the appropriate patch listed in the bulletin or upgrade to the latest software release.

CREDIT
Discovered by Keith McCanless.