CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS
Percentile
99.5%
A Secunia Advisory reports:
Peter Zelezny has discovered a vulnerability in Firefox,
which can be exploited by malicious people to compromise a
user’s system.
The vulnerability is caused due to the shell script used
to launch Firefox parsing shell commands that are enclosed
within backticks in the URL provided via the command
line. This can e.g. be exploited to execute arbitrary
shell commands by tricking a user into following a
malicious link in an external application which uses
Firefox as the default browser.