Page 1 of 2 12 LastLast
Results 1 to 16 of 19

Thread: Mozilla Flaw Lets Links Run Arbitrary Programs

  1. #1
    HEXUS webmaster Steve's Avatar
    Join Date
    Nov 2003
    Posts
    14,283
    Thanks
    293
    Thanked
    841 times in 476 posts

    Red face Mozilla Flaw Lets Links Run Arbitrary Programs

    With all the IE bashing going on recently, a flaw has been discovered in one of its competitor's browsers. The flaw affects both Mozilla and Firefox:
    Quote Originally Posted by eWeek
    ...reports indicate that links in a Web page using the "shell:" scheme can execute arbitrary programs on the user's system. The attacker would have to know the location in the file system of the program, but there are known programs in Windows with buffer overflows.
    This is indeed a bit of a blow for the praised Mozilla browsers. On the plus side, however, a fix is already available. Get it here. It's good to know that even when such bugs are found, they are fixed promptly.

    Find the full article on eWeek.

    So guys, what do you all make of this?
    PHP Code:
    $s = new signature();
    $s->sarcasm()->intellect()->font('Courier New')->display(); 

  2. #2
    Ex-MSFT Paul Adams's Avatar
    Join Date
    Jul 2003
    Location
    %systemroot%
    Posts
    1,926
    Thanks
    29
    Thanked
    77 times in 59 posts
    • Paul Adams's system
      • Motherboard:
      • Asus Maximus VIII
      • CPU:
      • Intel Core i7-6700K
      • Memory:
      • 16GB
      • Storage:
      • 2x250GB SSD / 500GB SSD / 2TB HDD
      • Graphics card(s):
      • nVidia GeForce GTX1080
      • Operating System:
      • Windows 10 x64 Pro
      • Monitor(s):
      • Philips 40" 4K
      • Internet:
      • 500Mbps fiber
    Quote Originally Posted by Kez
    So guys, what do you all make of this?
    I think "all software has bugs"

    A lot of bashing goes on when software is found to have flaws, I tend to take the view that it really comes down to how widespread use (and hence abuse) of software is - that will give an indication as to how many/often bugs are found which can be exploited.

    The NetWare OS, for example, is used almost solely in corporate environments and not on a huge scale - it has horrible flaws which Novell have found over the years, only a handful have been picked up by white hats because noone has bothered to focus on attacking it.

    The more market share a product has, the more likely it is to be targetted - as Mozilla gains users and functionality I think we'll see more attempts at exploiting holes in it.
    ~ I have CDO. It's like OCD except the letters are in alphabetical order, as they should be. ~
    PC: Win10 x64 | Asus Maximus VIII | Core i7-6700K | 16GB DDR3 | 2x250GB SSD | 500GB SSD | 2TB SATA-300 | GeForce GTX1080
    Camera: Canon 60D | Sigma 10-20/4.0-5.6 | Canon 100/2.8 | Tamron 18-270/3.5-6.3

  3. #3
    Registered+ Zathras's Avatar
    Join Date
    Jul 2003
    Location
    Canary Wharf/Richmond
    Posts
    1,454
    Thanks
    13
    Thanked
    7 times in 4 posts
    Quote Originally Posted by Kez
    So guys, what do you all make of this?
    A flaw in Windows more than anything. This patch stops Mozilla/Firefox being used to exploit the flaw. Look at the speed of response and ease of patching compared with IE too.

  4. #4
    Sublime HEXUS.net
    Join Date
    Jul 2003
    Location
    The Void.. Floating
    Posts
    11,819
    Thanks
    213
    Thanked
    233 times in 160 posts
    • Stoo's system
      • Motherboard:
      • Mac Pro
      • CPU:
      • 2*Xeon 5450 @ 2.8GHz, 12MB Cache
      • Memory:
      • 32GB 1600MHz FBDIMM
      • Storage:
      • ~ 2.5TB + 4TB external array
      • Graphics card(s):
      • ATI Radeon HD 4870
      • Case:
      • Mac Pro
      • Operating System:
      • OS X 10.7
      • Monitor(s):
      • 24" Samsung 244T Black
      • Internet:
      • Zen Max Pro
    Yup, the problem was found and patched far more rapidly and easily than IE ever would be..
    (\__/)
    (='.'=)
    (")_(")

  5. #5
    Commander Keen
    Join Date
    Nov 2003
    Location
    217.27.240.214
    Posts
    624
    Thanks
    0
    Thanked
    0 times in 0 posts
    good spot there kez. Pretty much ditto. there are always flaws. But at least it was fixed ASAP.

  6. #6
    I eats food da_ging's Avatar
    Join Date
    Jul 2003
    Posts
    2,256
    Thanks
    10
    Thanked
    29 times in 24 posts
    • da_ging's system
      • CPU:
      • E5200 @ 3.75Ghz
      • Memory:
      • 4GB kingston HyperX 8500
      • Storage:
      • 2*WD640gb in Raid 0 +500gb 32mb seagate
      • Graphics card(s):
      • BFG GTX 260 Maxcore OC2
      • PSU:
      • Corsair 650w TX
      • Case:
      • Stacker 831 black
      • Operating System:
      • XP Pro
      • Monitor(s):
      • 23" fujitsu 3230t LCD 1920*1080
      • Internet:
      • 8mb
    is this patch needed with 0.9.2?

    edit never mind just seen it aint

  7. #7
    Comfortably Numb directhex's Avatar
    Join Date
    Jul 2003
    Location
    /dev/urandom
    Posts
    17,074
    Thanks
    228
    Thanked
    1,027 times in 678 posts
    • directhex's system
      • Motherboard:
      • Asus ROG Strix B550-I Gaming
      • CPU:
      • Ryzen 5900x
      • Memory:
      • 64GB G.Skill Trident Z RGB
      • Storage:
      • 2TB Seagate Firecuda 520
      • Graphics card(s):
      • EVGA GeForce RTX 3080 XC3 Ultra
      • PSU:
      • EVGA SuperNOVA 850W G3
      • Case:
      • NZXT H210i
      • Operating System:
      • Ubuntu 20.04, Windows 10
      • Monitor(s):
      • LG 34GN850
      • Internet:
      • FIOS
    remember, this exploit STILL exists in internet explorer, and has done for years.

    the problem exists because firefox passes addresses to its host OS (macos, linux, windows) to retrieve an address - they didn't specifically have code there to say "windows can't even get that right, run for the hills"

  8. #8
    dgr
    dgr is offline
    Senior Member
    Join Date
    Jul 2003
    Posts
    621
    Thanks
    0
    Thanked
    0 times in 0 posts
    Quote Originally Posted by Zathras
    A flaw in Windows more than anything. This patch stops Mozilla/Firefox being used to exploit the flaw. Look at the speed of response and ease of patching compared with IE too.
    Quote Originally Posted by Stoo
    Yup, the problem was found and patched far more rapidly and easily than IE ever would be..
    have any of you actually read the slashdot writeup of this?

    it wasn't picked up quickly - the question over whether or not to close the hole has been around in bugzilla for over TWO YEARS. It was only when an exploit was found recently that the patch was provided.
    dothan 745 @ 2.4ghz | 2gb Corsair XMS (2-3-3-6) | dual raptors (raid0) | ATI 9700pro | CM201 | dual lg 1810

  9. #9
    Chaos Monkey Apex's Avatar
    Join Date
    Jul 2003
    Location
    Huddersfield
    Posts
    4,707
    Thanks
    1,142
    Thanked
    285 times in 204 posts
    • Apex's system
      • Motherboard:
      • Asus Z87M-PLUS
      • CPU:
      • Intel i5-4670K
      • Memory:
      • 32 GiB
      • Storage:
      • 20 TiB
      • Graphics card(s):
      • PowerColor Radeon RX 6700 Fighter 10GB OC
      • PSU:
      • 750
      • Case:
      • Core View 21
      • Operating System:
      • Windows 10 pro
      • Monitor(s):
      • Dell S2721DGFA
      • Internet:
      • 200Mb nTL Cable
    Quote Originally Posted by Kez
    With all the IE bashing going on recently, a flaw has been discovered in one of its competitor's browsers. The flaw affects both Mozilla and Firefox:

    This is indeed a bit of a blow for the praised Mozilla browsers. On the plus side, however, a fix is already available. Get it here. It's good to know that even when such bugs are found, they are fixed promptly.

    Find the full article on eWeek.

    So guys, what do you all make of this?

    At least this got fixed like in the same day unlike IE that never seems to get fixed, also IE has the same vun and iirc has not been fixed !

  10. #10
    Sublime HEXUS.net
    Join Date
    Jul 2003
    Location
    The Void.. Floating
    Posts
    11,819
    Thanks
    213
    Thanked
    233 times in 160 posts
    • Stoo's system
      • Motherboard:
      • Mac Pro
      • CPU:
      • 2*Xeon 5450 @ 2.8GHz, 12MB Cache
      • Memory:
      • 32GB 1600MHz FBDIMM
      • Storage:
      • ~ 2.5TB + 4TB external array
      • Graphics card(s):
      • ATI Radeon HD 4870
      • Case:
      • Mac Pro
      • Operating System:
      • OS X 10.7
      • Monitor(s):
      • 24" Samsung 244T Black
      • Internet:
      • Zen Max Pro
    Quote Originally Posted by dgr
    have any of you actually read the slashdot writeup of this?

    it wasn't picked up quickly - the question over whether or not to close the hole has been around in bugzilla for over TWO YEARS. It was only when an exploit was found recently that the patch was provided.
    So? As hexxy pointed out, IE still hasn't fixed the same bug, and tbh it's more of a windows handling bug than a specific flaw with the browser, as neither the Linux or Mac editions of the browser are vunerable to the exploit.
    (\__/)
    (='.'=)
    (")_(")

  11. #11
    Comfortably Numb directhex's Avatar
    Join Date
    Jul 2003
    Location
    /dev/urandom
    Posts
    17,074
    Thanks
    228
    Thanked
    1,027 times in 678 posts
    • directhex's system
      • Motherboard:
      • Asus ROG Strix B550-I Gaming
      • CPU:
      • Ryzen 5900x
      • Memory:
      • 64GB G.Skill Trident Z RGB
      • Storage:
      • 2TB Seagate Firecuda 520
      • Graphics card(s):
      • EVGA GeForce RTX 3080 XC3 Ultra
      • PSU:
      • EVGA SuperNOVA 850W G3
      • Case:
      • NZXT H210i
      • Operating System:
      • Ubuntu 20.04, Windows 10
      • Monitor(s):
      • LG 34GN850
      • Internet:
      • FIOS
    that's not to say that this isn't an embarassment, but compared to internet explorer, the mozilla suite is still golden when it comes to security.

  12. #12
    dgr
    dgr is offline
    Senior Member
    Join Date
    Jul 2003
    Posts
    621
    Thanks
    0
    Thanked
    0 times in 0 posts
    Quote Originally Posted by Stoo
    So? As hexxy pointed out, IE still hasn't fixed the same bug, and tbh it's more of a windows handling bug than a specific flaw with the browser, as neither the Linux or Mac editions of the browser are vunerable to the exploit.
    my point is its not possible to bash IE without bashing Mozilla here also - they waited almost TWO YEARS between knowing of the bug and actually fixing it. not only that, it was published on an open message board (bugzilla) where ANYONE could have written an exploit. At least with IE, the bugs aren't necessarily published (at least in such detail) so far before a fiz is released.

    In addition, its more of a "feature" of the handler - IMO it should have been for Mozilla to not use said feature, rather than for Microsoft to provide it. Though this is debatable.

    Having said this, I do feel safer using Firebird (not to mention the features...).
    dothan 745 @ 2.4ghz | 2gb Corsair XMS (2-3-3-6) | dual raptors (raid0) | ATI 9700pro | CM201 | dual lg 1810

  13. #13
    Comfortably Numb directhex's Avatar
    Join Date
    Jul 2003
    Location
    /dev/urandom
    Posts
    17,074
    Thanks
    228
    Thanked
    1,027 times in 678 posts
    • directhex's system
      • Motherboard:
      • Asus ROG Strix B550-I Gaming
      • CPU:
      • Ryzen 5900x
      • Memory:
      • 64GB G.Skill Trident Z RGB
      • Storage:
      • 2TB Seagate Firecuda 520
      • Graphics card(s):
      • EVGA GeForce RTX 3080 XC3 Ultra
      • PSU:
      • EVGA SuperNOVA 850W G3
      • Case:
      • NZXT H210i
      • Operating System:
      • Ubuntu 20.04, Windows 10
      • Monitor(s):
      • LG 34GN850
      • Internet:
      • FIOS
    http://bugzilla.mozilla.org/show_bug.cgi?id=250180

    seems the bug was opened on Opened: 2004-07-07 06:46 PDT

    http://www.mccanless.us/mozilla/mozilla_bugs.htm to test it on your browser

  14. #14
    Senior Member
    Join Date
    Nov 2003
    Location
    central london
    Posts
    215
    Thanks
    0
    Thanked
    0 times in 0 posts
    Quote Originally Posted by dgr
    ...they waited almost TWO YEARS between knowing of the bug and actually fixing it. not only that, it was published on an open message board (bugzilla) where ANYONE could have written an exploit. At least with IE, the bugs aren't necessarily published (at least in such detail) so far before a fiz is released.
    if you knew this, then why didn't you write a patch to fix it? that is what bugzilla is for - it enables those with the know-how to fix problems.
    anyhow, this is an exploit on a pre-release technology preview of a product. internet explorer is apparently finished, and a final release version.



  15. #15
    HEXUS webmaster Steve's Avatar
    Join Date
    Nov 2003
    Posts
    14,283
    Thanks
    293
    Thanked
    841 times in 476 posts
    Quote Originally Posted by këö¬t
    ...anyhow, this is an exploit on a pre-release technology preview of a product.
    Actually it affects Mozilla too, not just Firefox.
    PHP Code:
    $s = new signature();
    $s->sarcasm()->intellect()->font('Courier New')->display(); 

  16. #16
    dgr
    dgr is offline
    Senior Member
    Join Date
    Jul 2003
    Posts
    621
    Thanks
    0
    Thanked
    0 times in 0 posts
    Quote Originally Posted by directhex
    http://bugzilla.mozilla.org/show_bug.cgi?id=250180

    seems the bug was opened on Opened: 2004-07-07 06:46 PDT

    http://www.mccanless.us/mozilla/mozilla_bugs.htm to test it on your browser
    http://bugzilla.mozilla.org/show_bug.cgi?id=167475

    Opened: 2002-09-09 04:41 PDT

    Quote Originally Posted by këö¬t
    if you knew this, then why didn't you write a patch to fix it? that is what bugzilla is for - it enables those with the know-how to fix problems.
    anyhow, this is an exploit on a pre-release technology preview of a product. internet explorer is apparently finished, and a final release version.
    Actually I only recently found out. And I'm not completely up to date with writing Mozilla extentions - neither should I be; there are plenty, more useful, technologies to learn about first.
    dothan 745 @ 2.4ghz | 2gb Corsair XMS (2-3-3-6) | dual raptors (raid0) | ATI 9700pro | CM201 | dual lg 1810

Page 1 of 2 12 LastLast

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. 'Critical' flaw found in Windows
    By Basher in forum General Discussion
    Replies: 8
    Last Post: 25-07-2003, 04:49 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •