SMTP: Firefox HTML URL Injection

This signature detects e-mails containing a command injection in an HTML URL. A remote attacker could craft a URL designed to execute arbitrary shell commands. Successful exploitation lets the attacker run those commands with the permissions of the user.

Extended Description

Mozilla Browser and Firefox are affected by an arbitrary command-execution vulnerability. An attack would run in the context of the user running the vulnerable application and may facilitate unauthorized remote access. Mozilla Firefox 1.0.6 running on UNIX-based platforms is reportedly vulnerable. Other versions, and applications employing Firefox functionality, may be vulnerable as well. Mozilla Browser 1.7.x versions and Thunderbird 1.x versions are also vulnerable to this issue.

Affected Products

Conectiva Linux

References

BugTraq: 14888

CVE: CVE-2005-2968

Short Name
SMTP:MAL:FIREFOX-HTML-URL-INJ
Severity
Minor
Recommended
False
Recommended Action
None
Category
SMTP
Keywords
CVE-2005-2968 Firefox HTML Injection URL bid:14888
Release Date
02/22/2006
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3375
False Positive
Unknown
Vendors

Red_hat

Conectiva

Mozilla

Turbolinux

Sgi

Slackware

Ubuntu

Mandriva

Debian

CVSS Score

7.5
