Another flaw has been posted to Secunia, a trend for the past few days at least, to show that the Mozilla 'honeymoon' is over and that it's browser is as vulnerable as any other popular one on the market. Previously Mozilla had a good track record for being one of the more secure browsers, simply because it wasn't used enough. That all changed when Mozilla released Firefox, people now work around the clock finding its holes and exploits, with a larger userbase being affected.
It's important to note however that this exploit affects Unix/Linix systems, not Windows and today's 1.0.7 release contains a fix. Mozilla deserve credit and have repeatedly shown they are quick to respond to its exploits.
Peter Zelezny has discovered a vulnerability in Firefox, which can be exploited by malicious people to compromise a user's system.
The vulnerability is caused due to the shell script used to launch Firefox parsing shell commands that are enclosed within backticks in the URL provided via the command line. This can e.g. be exploited to execute arbitrary shell commands by tricking a user into following a malicious link in an external application which uses Firefox as the default browser (e.g. the mail client Evolution on Red Hat Enterprise Linux 4).
View: The Secunia Advisory