N/A

Argument injection vulnerability in Mozilla Firefox before 2.0.0.5, when running on systems with Thunderbird 1.5 installed and certain URIs registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in a mailto URI, which are inserted into the command line that is created when invoking Thunderbird.exe, a similar issue to CVE-2007-3670.

N/A

N/A

Microsoft IE FirefoxURL协议处理器命令注入漏洞

Internet Explorer是微软发布的非常流行的WEB浏览器。 IE在安装了Firefox的机器上调用特定的协议处理器时存在命令注入漏洞，远程攻击者可能利用此漏洞在用户机器上执行任意命令。 在Windows系统上，如果安装了Firefox的话，Firefox会安装一些Mozilla专用协议(如FirefoxURL和FirefoxHTML)的协议处理器。如果Windows遇到了无法处理的URL协议，就会在Windows注册表中搜索适当的协议处理器，找到了正确的处理器后就会向其传送URL字符串，但没有

N/A

N/A