Bug 169232 - [MFSA2005-59] Thunderbird improper command line URL sanitization
Status: CLOSED CURRENTRELEASE
Product: Fedora
Classification: Fedora
Component: thunderbird
4
All Linux
medium Severity medium
Assigned To: Christopher Aillon
http://www.mozilla.org/security/annou...
: Security
Reported: 2005-09-25 14:11 EDT by Gerwin Krist
Modified: 2007-11-30 17:11 EST
Fixed In Version: 1.0.7-1.1
Doc Type: Bug Fix
Last Closed: 2005-10-09 05:59:54 EDT
Description Gerwin Krist 2005-09-25 14:11:33 EDT
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8b4) Gecko/20050908 (No IDN) Firefox/1.4

Description of problem:
"URLs passed to Linux versions of Firefox on the command-line are not correctly protected against interpretation by the shell. As a result a malicious URL can result in the execution of shell commands with the privileges of the user. If Firefox is set as the default handler for web URLs then opening a URL in another program (for example, links in a mail or chat client) can result in shell command execution."

So not only Firefox is affected but also Thunderbird. Fix will come with 1.07 version ....

Version-Release number of selected component (if applicable):


How reproducible:
Always

Steps to Reproduce:
1.
2.
3.
  

Additional info:
Comment 1 Gerwin Krist 2005-09-25 14:12:22 EDT
Page:
http://www.mozilla.org/security/announce/mfsa2005-59.html