Closed
Bug 1572839
Opened 5 years ago
Closed 5 years ago
URI Handler Command Injection Vulnerability [iDefense V-bsk2ottbf1]
Categories
(Core :: Networking, defect)
Core
Networking
Tracking
()
RESOLVED
DUPLICATE
of bug 1572838
People
(Reporter: dveditz, Unassigned)
Details
Sent to the security alias. Attachments are missing, will be added to the bug when we get them.
iDefense VCP Submission V-bsk2ottbf1
Mozilla Firefox URI Handler Command Injection Vulnerability (iDefense Zero Day)
Description:
Remote exploitation of an input validation vulnerability in Mozilla Foundation's Firefox could allow an attacker to execute arbitrary code with the privileges of the current user.
Analysis:
An input validation vulnerability has been identified in Firefox. Specifically, the error occurs in the URI Handler component in the way it improperly sanitizes MOZ_LOG and MOZ_LOG_FILE arguments. This can lead to command injection attacks.
Credit:
Ping Fan (Zetta) Ke of VXRL working with iDefense Labs (https://vcp.idefense.com/)
Reporter | ||
Updated•5 years ago
|
Status: NEW → RESOLVED
Closed: 5 years ago
Resolution: --- → DUPLICATE
Reporter | ||
Updated•11 months ago
|
Group: network-core-security
You need to log in
before you can comment on or make changes to this bug.
Description
•