{"vuid":"VU#996798","idnumber":"996798","name":"Mozilla Firefox insecurely handles content from external applications","keywords":["Mozilla","Firefox","Netscape 8","arbitrary code execution","external URI","Information disclosure","inline javascript","windows reuse","xss","css"],"overview":"Mozilla Firefox does not properly enforce domain restrictions on content sent by external applications, allowing a remote attacker to execute code on a vulnerable system.","clean_desc":"Mozilla Firefox can accept links from external applications, such as Flash and Quicktime. When such an application attempts to open a link, it is sent to the default web browser. The default configuration for Firefox is to open links from other applications in the most recent tab or window. When Firefox receives a javascript: URI from an external application, it will execute within the security context of the page currently displayed by the browser, thus creating a cross-domain violation. If Firefox is displaying a privileged chrome: URI, then the external application could cause Firefox to execute arbitrary code. For more information, please refer to Mozilla Foundation Security Advisory 2005-53. This vulnerability affects Firefox versions prior to 1.0.5 and Netscape 8 versions prior to 8.0.3.1. Other web browsers based on Mozilla Firefox may also be affected.","impact":"By convincing a user to open a specially crafted media file, an attacker may be able to execute arbitrary code on a vulnerable system. Other applications that have the ability to send URIs to Firefox may also be used to trigger the vulnerability. Additional impacts are similar to cross-site scripting attacks, as described in CERT Advisory CA-2000-02.","resolution":"Upgrade\nThis vulnerability is addressed in Firefox 1.0.5  and Netscape 8.0.3.1 and later.","workarounds":"According to Mozilla Foundation Security Advisory 2005-53, the following workaround will mitigate this vulnerability. Set the browser to open external links in a new tab or new window. Open the Options dialog from the Tools menu \nSelect the Advanced icon in the left panel \nOpen the \"Tabbed Browsing\" group \nSet \"Open links from other applications in:\" to either new tab or new window Netscape 8 is configured by default to open external links in new tabs, which prevents exploitation of this vulnerability.","sysaffected":"","thanks":"This vulnerability was reported in \nMozilla Foundation Security Advisory 2005-53\n. Mozilla credits\n Michael Krax for providing information regarding this issue.","author":"This document was written by Jeff Gennari and Will Dormann.","public":["http://www.mozilla.org/projects/security/known-vulnerabilities.html#Firefox","http://www.mozilla.org/security/announce/mfsa2005-53.html","http://secunia.com/advisories/16043/","http://secunia.com/advisories/16185/","http://securitytracker.com/id?1014469"],"cveids":["CVE-2005-2267"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2005-07-13T18:55:28Z","publicdate":"2005-07-13T00:00:00Z","datefirstpublished":"2005-08-02T19:00:57Z","dateupdated":"2005-08-15T12:50:50Z","revision":51,"vrda_d1_directreport":"","vrda_d1_population":"","vrda_d1_impact":"","cam_widelyknown":"15","cam_exploitation":"0","cam_internetinfrastructure":"7","cam_population":"18","cam_impact":"15","cam_easeofexploitation":"6","cam_attackeraccessrequired":"12","cam_scorecurrent":"8.019","cam_scorecurrentwidelyknown":"9.8415","cam_scorecurrentwidelyknownexploited":"17.1315","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":8.019,"vulnote":null}