FreeBSD : firefox & mozilla -- command line URL shell command injection (2e28cefb-2aee-11da-a263-0001020eed82)

This script is Copyright (C) 2006-2015 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing one or more security-related
updates.

Description :

A Secunia Advisory reports :

Peter Zelezny has discovered a vulnerability in Firefox, which can be
exploited by malicious people to compromise a user's system.

The vulnerability is caused due to the shell script used to launch
Firefox parsing shell commands that are enclosed within backticks in
the URL provided via the command line. This can e.g. be exploited to
execute arbitrary shell commands by tricking a user into following a
malicious link in an external application which uses Firefox as the
default browser.

See also :

https://bugzilla.mozilla.org/show_bug.cgi?id=307185
http://www.mozilla.org/security/announce/mfsa2005-59.html
http://www.nessus.org/u?afef4447

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 21408 (freebsd_pkg_2e28cefb2aee11daa2630001020eed82.nasl)

Bugtraq ID:

CVE ID: CVE-2005-2968
