CVE-2007-3670 Information
Description
Argument injection vulnerability in Microsoft Internet Explorer, when running on systems with Firefox installed and certain URIs registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in a (1) FirefoxURL or (2) FirefoxHTML URI, which are inserted into the command line that is created when invoking firefox.exe. NOTE: it has been debated as to whether the issue is in Internet Explorer or Firefox. As of 20070711, it is CVE’s opinion that IE appears to be failing to properly delimit the URL argument when invoking Firefox, and this issue could arise with other protocol handlers in IE as well. However, Mozilla has stated that it will address the issue with a "defense in depth" fix that will "prevent IE from sending Firefox malicious data."
Reference
ftp://ftp.slackware.com/pub/slackware/slackware-12.0/ChangeLog.txt
http://archives.neohapsis.com/archives/fulldisclosure/2007-07/0160.html
http://blog.mozilla.com/security/2007/07/10/security-issue-in-url-protocol-handling-on-windows/
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00774579
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=565
http://larholm.com/2007/07/10/internet-explorer-0day-exploit/
http://msinfluentials.com/blogs/jesper/archive/2007/07/10/blocking-the-firefox-gt-ie-0-day.aspx
http://osvdb.org/38017
http://secunia.com/advisories/25984
http://secunia.com/advisories/26096
http://secunia.com/advisories/26149
http://secunia.com/advisories/26204
http://secunia.com/advisories/26216
http://secunia.com/advisories/26258
http://secunia.com/advisories/26271
http://secunia.com/advisories/26572
http://secunia.com/advisories/28179
http://secunia.com/advisories/28363
http://support.novell.com/techcenter/psdb/07d098f99c9fe6956523beae37f32fda.html
http://www.kb.cert.org/vuls/id/358017
http://www.mandriva.com/security/advisories?name=MDKSA-2007:152
http://www.mozilla.org/security/announce/2007/mfsa2007-23.html
http://www.mozilla.org/security/announce/2007/mfsa2007-40.html
http://www.novell.com/linux/security/advisories/2007_49_mozilla.html
http://www.securityfocus.com/archive/1/473276/100/0/threaded
http://www.securityfocus.com/bid/24837
http://www.securitytracker.com/id?1018351
http://www.securitytracker.com/id?1018360
http://www.theregister.co.uk/2007/07/11/ie_firefox_vuln/
http://www.ubuntu.com/usn/usn-503-1
http://www.us-cert.gov/cas/techalerts/TA07-199A.html
http://www.virusbtn.com/news/virus_news/2007/07_11.xml
http://www.vupen.com/english/advisories/2007/2473
http://www.vupen.com/english/advisories/2007/2565
http://www.vupen.com/english/advisories/2007/4272
http://www.vupen.com/english/advisories/2008/0082
http://www.xs-sniper.com/sniperscope/IE-Pwns-Firefox.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/35346 ie-firefoxurl-command-execution(35346)