Red Hat Bugzilla – Bug 169232
[MFSA2005-59] Thunderbird improper command line URL sanitization
Last modified: 2007-11-30 17:11:14 EST
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8b4) Gecko/20050908 (No IDN) Firefox/1.4
Description of problem:
"URLs passed to Linux versions of Firefox on the command-line are not correctly protected against interpretation by the shell. As a result a malicious URL can result in the execution of shell commands with the privileges of the user. If Firefox is set as the default handler for web URLs then opening a URL in another program (for example, links in a mail or chat client) can result in shell command execution."
So not only firefox is affected but also Thunderbird. Fix will come with 1.07 version ....
Version-Release number of selected component (if applicable):
Steps to Reproduce: