Closed Bug 309551 Opened 15 years ago Closed 15 years ago

URLs passed on the command line are parsed by the shell (bash). with cygwin setup version 2.510.2.2

Categories

(Firefox :: Shell Integration, defect, critical)

x86
Windows XP
defect
Not set
critical

Tracking

()

RESOLVED INVALID

People

(Reporter: tjblair, Unassigned)

Details

User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.12) Gecko/20050915 Firefox/1.0.7
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.12) Gecko/20050915 Firefox/1.0.7

URLs passed on the command line are parsed by the shell (bash). with cygwin
setup version 2.510.2.2, same as fixed linux bug

Reproducible: Always
The Linux version of this bug was bug 307185.
Flags: blocking1.8b5?
Flags: blocking-aviary1.0.8?
This may be a stupid question, but, um, how? The Linux bug was because the
commandline handler for Linux is a shell script, but since the Windows
commandline handler is firefox.exe, how are you seeing URLs parsed by bash? Even
if I run |firefox http://local\`find\`host| from a cygwin shell, I just get a
Feeling Lucky search for local%60find%60host.
Tim, exact steps to reproduce?
stuff like http://google.com/search?q=$PATH works, the backquoting doesn't. 
However, this is seems to be what is getting passed to us by bash, so we can't
exactly fix it.  Nor is this really exploitable since we do not use any sort of
bash script while being invoked.  If you have a bash shell, and you paste in
something bogus, you can hose your system with or without Firefox.
Marking invalid based on comments from Phil and Mike.
Status: UNCONFIRMED → RESOLVED
Closed: 15 years ago
Flags: blocking1.8b5?
Flags: blocking-aviary1.0.8?
Resolution: --- → INVALID
You need to log in before you can comment on or make changes to this bug.