Home    |    View Topics    |    Search    |    Contact Us    |   



Category:   Application (Web Browser)  >   Mozilla Browser Vendors:
Mozilla Lets Remote Users Launch Local Windows Applications Via the 'shell:' Protocol
SecurityTracker Alert ID:  1010669
SecurityTracker URL:
CVE Reference:   CVE-2004-0648   (Links to External Site)
Updated:  Jul 13 2004
Original Entry Date:  Jul 9 2004
Impact:   Denial of service via network, Execution of arbitrary code via network
Fix Available:  Yes  Vendor Confirmed:  Yes  Exploit Included:  Yes  
Version(s): prior to 1.7.1
Description:   A vulnerability was reported in Mozilla in the processing of the Windows 'shell:' protocol. A remote user can create HTML that, when loaded by the target user, can invoke certain Windows-based applications.

Mozilla confirmed that the bug reported by Joshua Perrymon affects Mozilla when running on Windows-based systems.

When the target is running Windows XP, a remote user can cause executables in certain known locations to be executed on the target user's system. If the target executable application contains a locally exploitable vulnerability, it is possible that the vulnerability can be exploited remotely via Mozilla.

Impact:   A remote user can cause a target application on the target user's system to be executed. This can be exploited to cause denial of service conditions or to exploit potential vulnerabilities in the target application.
Solution:   The vendor has released a fixed version (1.7.1), available at:

A patch is also available at:

Vendor URL: (Links to External Site)
Cause:   Access control error
Underlying OS:  Windows (Any)

Message History:   None.

 Source Message Contents

Subject:  [Full-Disclosure] Mozilla Security Advisory 2004-07-08

Mozilla Security Advisory
July 7, 2004

Summary:    Windows shell: scheme exposed in Mozilla
Products:   Mozilla (Suite)
            Mozilla Firefox
            Mozilla Thunderbird
Fixed in:   Mozilla (Suite) 1.7.1
            Mozilla Firefox 0.9.2
            Mozilla Thunderbird 0.7.2

    Windows versions of Mozilla products pass URIs using the shell: scheme
    to the OS for handling. The effects depend on the version of windows,
    but on Windows XP it is possible to launch executables in known
    locations or the default handlers for file extensions. It could be
    possible to combine this effect with a known buffer overrun in one
    of these programs to create a remote execution exploit, although
    at this time we have confirmed only denial-of-service type attacks
    (including crashing the system in some cases).

    We urge people to install the patch available on or
    install the latest version of the software.

-Dan Veditz
Mozilla Security Group

Full-Disclosure - We believe in it.


Go to the Top of This SecurityTracker Archive Page

Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, LLC