Re: [Full-Disclosure] shell:windows command question

2004-07-08 Thread Andreas Sandblad
It doesn't seem to affect Windows 2000, only Windows XP. This is a fault in Mozilla. Why? Because it allows access to a dangerous protocol from within a non local resource. The Mozilla project should fix this before anyone creates an exploit to run arbitrary code. Personally I think the shell:

Re: [Full-Disclosure] shell:windows command question

2004-07-08 Thread Andreas Sandblad
Did some quick search on Bugzilla and came up with the following: Mozilla allows external protocols as discussed in: http://bugzilla.mozilla.org/show_bug.cgi?id=167475 They seem to blacklist the following external protocol handlers: (patch

Re: [Full-Disclosure] shell:windows command question

2004-07-08 Thread Xavier Beaudouin
This is not a real security matter Denial of Service causing the user to reset his system is not a security issue? I don't think that Denial of Service causing local user to reset his system because of local application locks the whole system... is not a security problem, but OS + Security

RE: [Full-Disclosure] shell:windows command question

2004-07-08 Thread Perrymon, Josh L.
] Subject: Re: [Full-Disclosure] shell:windows command question Did some quick search on Bugzilla and came up with the following: Mozilla allows external protocols as discussed in: http://bugzilla.mozilla.org/show_bug.cgi?id=167475 They seem to blacklist the following external protocol handlers

Re: [Full-Disclosure] shell:windows command question

2004-07-08 Thread Andrew Poodle
: [EMAIL PROTECTED] - Email found in subject - Re: [Full-Disclosure] shell:windows command question This is dangerous. Based on the file extension of the shell protocol different applications may be launched. For example: shell:.its will launch Internet Explorer and shell:.mp3 will launch

RE: [Full-Disclosure] shell:windows command question

2004-07-08 Thread Clairmont, Jan M
] Subject: Re: [Full-Disclosure] shell:windows command question On Wed, 7 Jul 2004, Perrymon, Josh L. wrote: -snip-- centerbrbrimg src=nocigar.gif/center center a href=shell:windows\snakeoil.txtwho goes there/a/center iframe src=http://windowsupdate.microsoft.com%2F.http

Re: [Full-Disclosure] shell:windows command question

2004-07-08 Thread Barry Fitzgerald
Darren Reed wrote: A simple solution would be to add the shell protocol to this list. Personally I think a secure blacklist is hard to maintain as new dangerous external protocols could be invented by third-parties leaving Mozilla vulnerable again. Completely agreed. There should be a

RE: [Full-Disclosure] shell:windows command question

2004-07-08 Thread Perrymon, Josh L.
It's XP only. The functionality IS available in 2k but the syntax is different. JP -Original Message- From: Andrew Poodle [mailto:[EMAIL PROTECTED] Sent: Thursday, July 08, 2004 8:55 AM To: [EMAIL PROTECTED] Subject: Re: [Full-Disclosure] shell:windows command question I might

Re: [Full-Disclosure] shell:windows command question

2004-07-08 Thread Keith and Kelley
I am the one that reported http://bugzilla.mozilla.org/show_bug.cgi?id=167475. Since, I saw the debug team marked the report public, I will comment on it. I agree with Andreas that it is a very serious security flaw. When I was playing around with it I found some of the suffixes it

Re: [Full-Disclosure] shell:windows command question

2004-07-08 Thread Darren Reed
In some mail from Barry Fitzgerald, sie said: Darren Reed wrote: A simple solution would be to add the shell protocol to this list. Personally I think a secure blacklist is hard to maintain as new dangerous external protocols could be invented by third-parties leaving Mozilla vulnerable

Re: [Full-Disclosure] shell:windows command question

2004-07-08 Thread Darren Reed
In some mail from Barry Fitzgerald, sie said: Andreas Sandblad wrote: Did some quick search on Bugzilla and came up with the following: Mozilla allows external protocols as discussed in: http://bugzilla.mozilla.org/show_bug.cgi?id=167475 They seem to blacklist the following external

Re: [Full-Disclosure] shell:windows command question

2004-07-08 Thread Keith
I am the one that reported http://bugzilla.mozilla.org/show_bug.cgi?id=167475. Since, I saw the debug team marked the report public, I will comment on it. I agree with Andreas that it is a very serious security flaw. When I was playing around with it I found some of the suffixes it

[Full-Disclosure] shell:windows command question

2004-07-07 Thread Perrymon, Josh L.
-snip-- centerbrbrimg src=nocigar.gif/center center a href=shell:windows\snakeoil.txtwho goes there/a/center iframe src=http://windowsupdate.microsoft.com%2F.http- equiv.dyndns.org/~http-equiv/b*llsh*t.html style=display:none [customise as you see fit]

Re: [Full-Disclosure] shell:windows command question

2004-07-07 Thread Andreas Sandblad
This is dangerous. Based on the file extension of the shell protocol different applications may be launched. For example: shell:.its will launch Internet Explorer and shell:.mp3 will launch Winamp. The trick is to find an application that will overflow when given a very long parameter. A quick

Re: [Full-Disclosure] shell:windows command question

2004-07-07 Thread Barry Fitzgerald
I just verified this in Mozilla 1.7 on Windows XP pro. (I know -- no reason why it shouldn't work on 1.7 if it worked on firefox) In any case, it does appear to be an issue with MS Windows and not Mozilla, but the Mozilla project should still, IMO, filter out the shell: scheme type and other

Re: [Full-Disclosure] shell:windows command question

2004-07-07 Thread Komrade
On Wed, 7 Jul 2004, Perrymon, Josh L. wrote: -snip-- centerbrbrimg src=nocigar.gif/center center a href=shell:windows\snakeoil.txtwho goes there/a/center iframe src=http://windowsupdate.microsoft.com%2F.http- equiv.dyndns.org/~http-equiv/b*llsh*t.html style=display:none [customise as