Peter Zelezny

**Name of the Vulnerable Software and Affected Versions** Opera versions prior to 8.51 **Description** The issue allows remote attackers to execute arbitrary code via shell metacharacters (backticks) in a URL that another product provides in a command line argument when launching Opera. This is due to the improper handling of the command line interface, allowing the injection of backtick (`) shell commands into the URL parameter, resulting in a loss of integrity. **Recommendations** For Opera versions prior to 8.51, update to version 8.51 or later to resolve the issue. As a temporary workaround, consider avoiding the use of backticks in URLs when launching Opera from another product. Restrict access to the command line interface to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 1.0.7 Mozilla Suite versions prior to 1.7.12 **Description** The issue allows remote attackers to spawn windows without user interface components, which could be used to conduct spoofing or phishing attacks. **Recommendations** For Firefox versions prior to 1.0.7, update to version 1.0.7 or later. For Mozilla Suite versions prior to 1.7.12, update to version 1.7.12 or later.

**Name of the Vulnerable Software and Affected Versions** Firefox version 1.0.6 Mozilla version 1.7.10 **Description** The issue allows attackers to execute arbitrary commands via shell metacharacters in a URL that is provided to the browser on the command line. This URL is sent unfiltered to bash, potentially leading to command execution. **Recommendations** For Firefox version 1.0.6, update to a version that filters shell metacharacters in URLs provided on the command line. For Mozilla version 1.7.10, update to a version that filters shell metacharacters in URLs provided on the command line.