Closed Bug 1572839 Opened 5 years ago Closed 5 years ago

URI Handler Command Injection Vulnerability [iDefense V-bsk2ottbf1]

Categories

(Core :: Networking, defect)

Type: defect; Priority: Not set; Severity: normal

RESOLVED DUPLICATE of bug 1572838

People

(Reporter: dveditz, Unassigned)

Details

Sent to the security alias. Attachments are missing; they will be added to the bug when we get them.

iDefense VCP Submission V-bsk2ottbf1
Mozilla Firefox URI Handler Command Injection Vulnerability (iDefense Zero Day)

Description:
Remote exploitation of an input validation vulnerability in Mozilla Foundation's Firefox could allow an attacker to execute arbitrary code with the privileges of the current user.

Analysis:
An input validation vulnerability has been identified in Firefox. Specifically, the error occurs in the URI Handler component in the way it improperly sanitizes MOZ_LOG and MOZ_LOG_FILE arguments. This can lead to command injection attacks.

Credit:
Ping Fan (Zetta) Ke of VXRL working with iDefense Labs (https://vcp.idefense.com/)

Status: NEW → RESOLVED
Closed: 5 years ago
Resolution: --- → DUPLICATE
Group: network-core-security