Уязвимость внедрения аргументов командной строки в Mozilla Firefox на Windows при использовании как обработчика для не поддерживаемых по умолчанию типов файлов
Описание
Злоумышленник способен выполнить произвольный код через внедрение аргументов командной строки во время вызова Firefox в качестве обработчика для определённых неподдерживаемых типов файлов. Это требует настройки Firefox в качестве приложения по умолчанию для данного типа файла, и чтобы файл, загруженный в стороннее приложение, неадекватно очищал данные URL. В этой ситуации при клике по ссылке в стороннем приложении возможно извлечение и выполнение файлов, местоположение которых передано через аргументы командной строки.
Примечание: эта проблема затрагивает только операционные системы Windows, когда Firefox настроен в качестве обработчика для типов файлов, отличных от стандартных. Другие операционные системы не подвержены этой уязвимости.
Затронутые версии ПО
- Firefox < 73
- Firefox < ESR68.5
Тип уязвимости
Выполнение произвольного кода
Ссылки
- Issue TrackingPatchVendor Advisory
- Third Party Advisory
- Vendor Advisory
- Vendor Advisory
- Issue TrackingPatchVendor Advisory
- Third Party Advisory
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Одновременно
Одно из
EPSS
8.8 High
CVSS3
5.1 Medium
CVSS2
Дефекты
Связанные уязвимости
Command line arguments could have been injected during Firefox invocation as a shell handler for certain unsupported file types. This required Firefox to be configured as the default handler for a given file type and for a file downloaded to be opened in a third party application that insufficiently sanitized URL data. In that situation, clicking a link in the third party application could have been used to retrieve and execute files whose location was supplied through command line arguments. Note: This issue only affects Windows operating systems and when Firefox is configured as the default handler for non-default filetypes. Other operating systems are unaffected. This vulnerability affects Firefox < 73 and Firefox < ESR68.5.
Command line arguments could have been injected during Firefox invocation as a shell handler for certain unsupported file types. This required Firefox to be configured as the default handler for a given file type and for a file downloaded to be opened in a third party application that insufficiently sanitized URL data. In that situation, clicking a link in the third party application could have been used to retrieve and execute files whose location was supplied through command line arguments. Note: This issue only affects Windows operating systems and when Firefox is configured as the default handler for non-default filetypes. Other operating systems are unaffected. This vulnerability affects Firefox < 73 and Firefox < ESR68.5.
Command line arguments could have been injected during Firefox invocat ...
Command line arguments could have been injected during Firefox invocation as a shell handler for certain unsupported file types. This required Firefox to be configured as the default handler for a given file type and for a file downloaded to be opened in a third party application that insufficiently sanitized URL data. In that situation, clicking a link in the third party application could have been used to retrieve and execute files whose location was supplied through command line arguments. Note: This issue only affects Windows operating systems and when Firefox is configured as the default handler for non-default filetypes. Other operating systems are unaffected. This vulnerability affects Firefox < 73 and Firefox < ESR68.5.
EPSS
8.8 High
CVSS3
5.1 Medium
CVSS2