Multiple Browser URI Handlers Command Injection Vulnerabilities

Multiple Browser URI Handlers Command Injection Vulnerabilities

References:

Attack of the URL Vulnerabilities (GNUCITIZEN)
Related Security Issue in URL Protocol Handling on Windows (Mozilla)
Remote Command Exec (FireFox 2.0.0.5 et al) (Billy (BK) Rios)
Remote Command Execution in FireFox et al (Nathan McFeters)
SeaMonkey Homepage (Mozilla)
Thunderbird Homepage (Mozilla)
Vendor Homepage (Mozilla Foundation)
HPSBUX02153 SSRT061181 rev.5 - HP-UX Running Firefox, Remote Unauthorized Access (HP)
MFSA-2007-27:Unescaped URIs passed to external programs (Mozilla Foundation)
Solution 201516 : Multiple Security Vulnerabilities in Firefox and Thunderbir (Sun)
Sun Alert ID: 103177 (Sun Microsystems)
Vulnerability Note VU#783400 (US-CERT)

Privacy Statement
Copyright 2010, SecurityFocus