Mozilla flaw lets links run arbitrary programs
eWeek | by Mike
The Mozilla Foundation has confirmed findings that its Mozilla and Firefox browsers are vulnerable to attacks using the "shell:" scheme, which execute arbitrary code under Windows without the user having to click a link.
The reports indicate that links in a Web page using the "shell:" scheme can execute arbitrary programs on the user's system. The attacker would have to know the location in the file system of the program, but there are known programs in Windows with buffer overflows.
This means the attacker could create a link in a Web page that could execute arbitrary code under Windows. Through the use of an appropriate META tag, the attack could load without the user having to click a link explicitly.
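For defenders who filter or audit HTML, the two delivery paths described above (a link and a META refresh) can be checked for the "shell:" scheme. The following is an added example, not code from the article or from Mozilla; the function names, the `needs_click` heuristic and the sample page with its placeholder targets are assumptions made for illustration.

```python
from html.parser import HTMLParser
import re

URL_ATTRS = {"href", "src", "action", "data"}  # attributes that can carry a URL
# URL part of a META refresh value such as "0; url=shell:..."
REFRESH_URL = re.compile(r"url\s*=\s*['\"]?\s*([^'\">]+)", re.I)

def scheme_of(url):
    """Return the lowercased scheme of a URL, or '' if it has none."""
    # Browsers ignore leading whitespace and embedded tab/newline characters.
    cleaned = re.sub(r"[\t\r\n]", "", url).strip()
    m = re.match(r"([a-zA-Z][a-zA-Z0-9+.\-]*):", cleaned)
    return m.group(1).lower() if m else ""

class ShellSchemeFinder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []  # (tag, attribute, url, needs_click)

    def handle_starttag(self, tag, attrs):
        attrs = {k: (v or "") for k, v in attrs}
        if tag == "meta" and attrs.get("http-equiv", "").lower() == "refresh":
            m = REFRESH_URL.search(attrs.get("content", ""))
            if m and scheme_of(m.group(1)) == "shell":
                self.findings.append((tag, "content", m.group(1).strip(), False))
            return
        for name, value in attrs.items():
            if name in URL_ATTRS and scheme_of(value) == "shell":
                # Assumption: only an <a> link waits for a click.
                self.findings.append((tag, name, value.strip(), tag == "a"))

def find_shell_urls(html):
    finder = ShellSchemeFinder()
    finder.feed(html)
    finder.close()
    return finder.findings

# Constructed sample page; the shell: targets are placeholders, not real paths.
SAMPLE = """<html><head>
<meta http-equiv="Refresh" content="0; URL=shell:PLACEHOLDER-1">
</head><body>
<a href="https://example.com/">ordinary link</a>
<a href=" SHELL:PLACEHOLDER-2">click me</a>
</body></html>"""

if __name__ == "__main__":
    for tag, attr, url, needs_click in find_shell_urls(SAMPLE):
        print(f"<{tag} {attr}> {url!r} needs_click={needs_click}")
```

The scheme comparison is case-insensitive and tolerant of leading whitespace, since a filter that only matches a literal lowercase `shell:` prefix would miss the second sample link.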