CVE ID:	CVE-2005-2968
Description:	Firefox 1.0.6 and Mozilla 1.7.10 allows attackers to execute arbitrary commands via shell metacharacters in a URL that is provided to the browser on the command line, which is sent unfiltered to bash.
Test IDs:	1.3.6.1.4.1.25623.1.0.55476   1.3.6.1.4.1.25623.1.0.55391   1.3.6.1.4.1.25623.1.0.55417   1.3.6.1.4.1.25623.1.0.55477
Cross References:	Common Vulnerability Exposure (CVE) ID: CVE-2005-2968 Debian Security Information: DSA-868 (Google Search) http://www.debian.org/security/2005/dsa-868 Debian Security Information: DSA-866 (Google Search) http://www.debian.org/security/2005/dsa-866 http://www.mandriva.com/security/advisories?name=MDKSA-2005:174 RedHat Security Advisories: RHSA-2005:785 http://www.redhat.com/support/errata/RHSA-2005-785.html RedHat Security Advisories: RHSA-2005:791 http://www.redhat.com/support/errata/RHSA-2005-791.html SCO Security Bulletin: SCOSA-2005.49 ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt http://www.ubuntu.com/usn/usn-186-1 http://www.ubuntu.com/usn/usn-186-2 http://www.ubuntu.com/usn/usn-200-1 CERT/CC vulnerability note: VU#914681 http://www.kb.cert.org/vuls/id/914681 BugTraq ID: 15495 http://www.securityfocus.com/bid/15495 BugTraq ID: 14888 http://www.securityfocus.com/bid/14888 http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11105 http://www.vupen.com/english/advisories/2005/1794 http://www.vupen.com/english/advisories/2005/1824 http://secunia.com/advisories/16869 http://secunia.com/advisories/17042 http://secunia.com/advisories/17090 http://secunia.com/advisories/17149 http://secunia.com/advisories/17284 http://secunia.com/advisories/17263

New User Registration Email: UserID: Passwd: Please email me your monthly newsletters, informing the latest services, improvements & surveys. Please email me a vulnerability test announcement whenever a new test is added.     Privacy

Registered User Login   UserID:     Passwd:     Forgot userid or passwd? Email/Userid: