CVE-2005-2968 Information
Description
Firefox 1.0.6 and Mozilla 1.7.10 allows attackers to execute arbitrary commands via shell metacharacters in a URL that is provided to the browser on the command line which is sent unfiltered to bash.
Reference
ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt http://secunia.com/advisories/16869 http://secunia.com/advisories/17042 http://secunia.com/advisories/17090 http://secunia.com/advisories/17149 http://secunia.com/advisories/17263 http://secunia.com/advisories/17284 http://www.debian.org/security/2005/dsa-866 http://www.debian.org/security/2005/dsa-868 http://www.kb.cert.org/vuls/id/914681 http://www.mandriva.com/security/advisories?name=MDKSA-2005:174 http://www.mozilla.org/security/announce/mfsa2005-58.html http://www.redhat.com/support/errata/RHSA-2005-785.html http://www.redhat.com/support/errata/RHSA-2005-791.html http://www.securityfocus.com/bid/14888 http://www.securityfocus.com/bid/15495 http://www.ubuntu.com/usn/usn-186-1 http://www.ubuntu.com/usn/usn-186-2 http://www.ubuntu.com/usn/usn-200-1 http://www.vupen.com/english/advisories/2005/1794 http://www.vupen.com/english/advisories/2005/1824 https://bugzilla.mozilla.org/show_bug.cgi?id=307185 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A11105
Share on: