FreeBSD : firefox & mozilla -- command line URL shell command injection (2e28cefb-2aee-11da-a263-0001020eed82)
High Nessus Plugin ID 21408
Synopsis
The remote FreeBSD host is missing one or more security-related updates.
Description
A Secunia Advisory reports:
Peter Zelezny has discovered a vulnerability in Firefox, which can be exploited by malicious people to compromise a user's system.
The vulnerability is caused due to the shell script used to launch Firefox parsing shell commands that are enclosed within backticks in the URL provided via the command line. This can e.g. be exploited to execute arbitrary shell commands by tricking a user into following a malicious link in an external application which uses Firefox as the default browser.
Solution
Update the affected packages.
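The flaw class named in the description (a launcher script that lets the shell parse the URL a second time) can be reproduced in a few lines. This is an added example, not the Firefox launcher script or code from the advisory; `browser_bin`, `launch_unsafe`, `launch_safe`, `url_is_clean` and the sample URL are hypothetical names and constructed input.

```shell
#!/bin/sh
# Constructed illustration of the flaw class; NOT the actual Firefox launcher script.

# Hypothetical stand-in for the real browser binary: echoes the argument it received.
browser_bin() {
    printf '%s\n' "$1"
}

# Weak pattern: the URL is spliced into a command string that the shell parses again,
# so text between backticks is run as a command before the browser ever sees it.
launch_unsafe() {
    eval "browser_bin \"$1\""
}

# Hardened pattern: the URL travels as one quoted argument and is never re-parsed.
launch_safe() {
    browser_bin "$1"
}

# Defence in depth for callers (mail clients, chat clients): refuse URLs that carry
# command-substitution syntax instead of handing them to any launcher.
url_is_clean() {
    case $1 in
        *'`'*|*'$('*) return 1 ;;
        *) return 0 ;;
    esac
}

# Constructed sample input; the embedded command is a harmless echo.
sample_url='http://example.com/`echo INJECTED`'

printf 'unsafe launcher passes: %s\n' "$(launch_unsafe "$sample_url")"
printf 'safe launcher passes:   %s\n' "$(launch_safe "$sample_url")"
if url_is_clean "$sample_url"; then echo 'filter: accepted'; else echo 'filter: rejected'; fi
```

When auditing wrapper scripts, the things to look for are `eval`, unquoted `$@` or `$1`, and URLs interpolated into strings passed to `sh -c`.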