Wednesday, September 21, 2005

Linux Firefox Vulnerability


A bug report filed in the Mozilla Firefox Bugzilla describes a newly discovered vulnerability in Firefox that affects only *nix-based systems. The vulnerability lies in the commands passed to Firefox through the shell when an external program (e.g. Mozilla Thunderbird) calls on Firefox to open a URL. An attacker can send an email to a user, and when the user clicks on a URL in the mail and Firefox is sent a shell command to open that URL, the attacker can run various commands, which could lead to a compromise of the user's system. It has been confirmed on Fedora Core 4. There is currently no patch or workaround available.
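The bug report's details are not reproduced here, so the following is an added illustration of the general class of problem (a URL re-parsed by the shell) and its fix, not Firefox's or Thunderbird's actual launcher code. The names `stub_browser`, `open_url_unsafe`, `open_url_safe` and `url_is_acceptable` are hypothetical, and the sample URL is constructed.

```shell
#!/bin/sh
# Added illustration; not Firefox's or Thunderbird's actual launcher code.
# stub_browser stands in for the real browser binary: it only reports the
# single argument it received, so the example runs offline.
stub_browser() {
    printf 'OPEN[%s]\n' "$1"
}

# Unsafe pattern: the URL is pasted into a command string that the shell
# parses a second time, so shell syntax inside the URL is interpreted.
open_url_unsafe() {
    eval "stub_browser $1"
}

# Safe pattern: the URL travels as one quoted argument and is never re-parsed.
open_url_safe() {
    stub_browser "$1"
}

# Defence in depth for a mail client or other caller: accept only http(s)
# URLs built from an allow-listed character set before launching a helper.
url_is_acceptable() {
    case "$1" in
        http://*|https://*) ;;
        *) return 1 ;;
    esac
    case "$1" in
        *[!A-Za-z0-9._~:/?#@!\&=+%,-]*) return 1 ;;
    esac
    return 0
}

# Constructed sample input: the embedded substitution only echoes a marker.
SAMPLE_URL='http://example.test/$(echo INJECTED)'

open_url_unsafe "$SAMPLE_URL"   # the shell evaluates the embedded substitution
open_url_safe "$SAMPLE_URL"     # the URL arrives byte-for-byte as data

if url_is_acceptable "$SAMPLE_URL"; then
    echo "accepted"
else
    echo "rejected by allow-list"
fi
```

The difference between the first two output lines is the whole issue: in the unsafe form the URL's text is treated as shell code, in the safe form it stays data.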
