• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Multiple Browser URI Handlers Command Injection Vulnerabilities

References:

• Attack of the URL Vulnerabilities (GNUCITIZEN)
  
• Firefox Homepage (Mozilla Foundation)
  
• Related Security Issue in URL Protocol Handling on Windows (Mozilla)
  
• Remote Command Exec (FireFox 2.0.0.5 et al) (Billy (BK) Rios)
  
• Remote Command Execution in FireFox et al (Nathan McFeters)
  
• SeaMonkey Homepage (Mozilla)
  
• Thunderbird Home Page (Mozilla)
  
• HPSBUX02153 SSRT061181 rev.5 - HP-UX Running Firefox, Remote Unauthorized Access (HP)
  
• MFSA-2007-27:Unescaped URIs passed to external programs (Mozilla Foundation)
  
• Solution 201516 : Multiple Security Vulnerabilities in Firefox and Thunderbir (Sun)
  
• Sun Alert ID: 103177 (Sun Microsystems)
  
• Vulnerability Note VU#783400 (US-CERT)