Mozilla Firefox xdg-open 'mailcap' File Remote Code Execution Vulnerability
Mozilla Firefox is prone to a remote code-execution vulnerability because the browser fails to properly validate the 'mime-type' of files before calling the 'xdg-open' utility, as defined in '/etc/mailcap'. An attacker can exploit this issue to execute arbitrary code within the context of the affected browser.

This issue affects Firefox running on Slackware Linux 12.2. Other versions may also be vulnerable.

UPDATE (January 8, 2009): The exact fault for this issue is currently unclear. This could be a configuration problem in Slackware Linux, a failure to sanitize input in Firefox, or a problem in 'xdg-open'. We will update this BID pending further investigation.
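The following audit sketch is an added example, not part of the original advisory and not code from Mozilla, Slackware or xdg-utils. It lists which MIME types a mailcap file hands to 'xdg-open', the configuration path the advisory names, and does not determine where the fault lies. It assumes RFC 1524 mailcap syntax; the sample entries and the function names `parse_mailcap` and `xdg_open_handoffs` are constructed for illustration.

```python
import os
import re

# Constructed sample in RFC 1524 mailcap syntax; not copied from any real system.
SAMPLE_MAILCAP = r"""
# constructed sample entries
text/html; /usr/bin/xdg-open %s; nametemplate=%s.html
application/pdf; /usr/bin/xpdf %s
*/*; /usr/bin/xdg-open \
    %s
image/*; sh -c 'echo a\; /usr/bin/display %s'; test=test -n "$DISPLAY"
"""

def parse_mailcap(text):
    """Return (mime_type, view_command, extra_fields) for each mailcap entry."""
    entries, pending = [], ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        pending = ""
        if line.endswith("\\"):          # trailing backslash continues the entry
            pending = line[:-1]
            continue
        if not line or line.startswith("#"):
            continue
        # Fields are separated by ';'; a literal ';' in a command is written '\;'.
        fields = [f.strip().replace("\\;", ";")
                  for f in re.split(r"(?<!\\);", line)]
        if len(fields) >= 2 and fields[1]:
            entries.append((fields[0].lower(), fields[1], fields[2:]))
    return entries

def xdg_open_handoffs(entries):
    """Return (mime_type, is_wildcard) for entries whose viewer is xdg-open."""
    found = []
    for mime_type, command, _ in entries:
        program = os.path.basename(command.split()[0])
        if program == "xdg-open":
            # RFC 1524: a bare type such as "text" means "text/*".
            subtype = mime_type.partition("/")[2]
            found.append((mime_type, subtype in ("", "*")))
    return found

if __name__ == "__main__":
    for mime_type, wildcard in xdg_open_handoffs(parse_mailcap(SAMPLE_MAILCAP)):
        note = "wildcard match" if wildcard else "exact type"
        print(f"{mime_type:12} -> xdg-open ({note})")
```

To review a real host, pass the contents of '/etc/mailcap' to `parse_mailcap` instead of the constructed sample.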