HTTP: Mozilla Local File Execution

This signature detects a malicious link contained in a HTML document. Attackers can embed a maliciously crafted link in an HTML document; when the HTML document is viewed, the link executes a file in the local user profile directory.

Extended Description

Mozilla Internet Browser is reported prone to a weakness that may permit an external protocol to be called without any user interaction. This may expose Mozilla users to vulnerabilities that exist in the underlying operating system or in the software that is the default handler for a registered protocol. Vulnerabilities in the applications that are invoked by a protocol, and vulnerabilities in the way a called protocol is handled by the host operating system may be exploited using this weakness in the Mozilla browser.

Affected Products

K-meleon k-meleon

References

BugTraq: 10681

CVE: CVE-2004-0648

URL: http://archives.neohapsis.com/archives/fulldisclosure/2004-07/0290.html http://www.mozilla.org/security/shell.html http://www.ciac.org/ciac/bulletins/o-175.shtml

Short Name

HTTP:STC:MOZILLA:SHELL

Severity

Minor

Recommended

False

Recommended Action

None

HTTP: Mozilla Local File Execution

Extended Description

Affected Products

References

Found a potential security threat?