CVE-2006-2057

Name of the Vulnerable Software and Affected Versions Mozilla Firefox version 1.0.6

Description The issue allows user-assisted remote attackers to modify command line arguments to an invoked mail client via " (double quote) characters in a mailto: scheme handler. This could potentially be used to launch a mail client, such as Microsoft Outlook, with an arbitrary filename as an attachment. It is unclear whether this issue is specific to the implementation or a problem in the Microsoft API.

Recommendations For Mozilla Firefox version 1.0.6, consider avoiding the use of " (double quote) characters in mailto: scheme handlers to minimize the risk of exploitation. As a temporary workaround, restrict the invocation of external mail clients until a patch is available.