ID CVE-2005-2968
Summary Firefox 1.0.6 and Mozilla 1.7.10 allows attackers to execute arbitrary commands via shell metacharacters in a URL that is provided to the browser on the command line, which is sent unfiltered to bash.
References
Vulnerable Configurations
  • cpe:2.3:a:mozilla:firefox:1.0.6:*:linux:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:1.0.6:*:linux:*:*:*:*:*
  • cpe:2.3:a:mozilla:mozilla:1.7.10:*:linux:*:*:*:*:*
    cpe:2.3:a:mozilla:mozilla:1.7.10:*:linux:*:*:*:*:*
CVSS
Base: 7.5 (as of 11-10-2017 - 01:30)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
oval via4
accepted 2013-04-29T04:11:32.819-04:00
class vulnerability
contributors
  • name Aharon Chernin
    organization SCAP.com, LLC
  • name Dragos Prisaca
    organization G2, Inc.
definition_extensions
  • comment The operating system installed on the system is Red Hat Enterprise Linux 4
    oval oval:org.mitre.oval:def:11831
  • comment CentOS Linux 4.x
    oval oval:org.mitre.oval:def:16636
  • comment Oracle Linux 4.x
    oval oval:org.mitre.oval:def:15990
description Firefox 1.0.6 and Mozilla 1.7.10 allows attackers to execute arbitrary commands via shell metacharacters in a URL that is provided to the browser on the command line, which is sent unfiltered to bash.
family unix
id oval:org.mitre.oval:def:11105
status accepted
submitted 2010-07-09T03:56:16-04:00
title Firefox 1.0.6 and Mozilla 1.7.10 allows attackers to execute arbitrary commands via shell metacharacters in a URL that is provided to the browser on the command line, which is sent unfiltered to bash.
version 23
redhat via4
advisories
  • rhsa
    id RHSA-2005:785
  • rhsa
    id RHSA-2005:791
refmap via4
bid
  • 14888
  • 15495
cert-vn VU#914681
confirm
debian
  • DSA-866
  • DSA-868
mandriva MDKSA-2005:174
sco SCOSA-2005.49
secunia
  • 16869
  • 17042
  • 17090
  • 17149
  • 17263
  • 17284
ubuntu
  • USN-186-1
  • USN-186-2
  • USN-200-1
vupen
  • ADV-2005-1794
  • ADV-2005-1824
statements via4
contributor Mark J Cox
lastmodified 2006-08-30
organization Red Hat
statement Not vulnerable. These issues did not affect the versions of Mozilla and Firefox as shipped with Red Hat Enterprise Linux 2.1, 3, or 4.
Last major update 11-10-2017 - 01:30
Published 20-09-2005 - 22:03
Back to Top