Argument Injection Vulnerability in Mozilla Firefox Affects Mail Client Integration
CVE-2006-2057

Currently unrated

Key Information:

Vendor: Microsoft
Status: Outlook; Avant Browser; Ie; Firefox
Vendor: CVE Published:; 26 April 2006

What is CVE-2006-2057?

An argument injection vulnerability exists in Mozilla Firefox 1.0.6 that allows user-assisted remote attackers to manipulate command line arguments passed to the mail client. This is achieved by exploiting the mailto: scheme handler through the use of double quote (" ) characters, which can lead to the execution of the mail client, such as Microsoft Outlook, with arbitrary filenames attached. The precise nature of this issue may depend on the implementation specifics or the underlying behavior of the Microsoft API.

References

http://www.vupen.com/english/advisories/2006/1538

vdb-entryx_refsource_VUPEN

http://ingehenriksen.blogspot.com/2006/04/office-2003-fil...

x_refsource_MISC

http://www.securityfocus.com/archive/1/432009/100/0/threaded

mailing-listx_refsource_BUGTRAQ

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 26, 2006
Vulnerability Reserved
Apr 26, 2006