Critical cross-browser flaw in Firefox revealed

Most Popular

Downloads & Drivers

K-Lite Mega Codec Pack 4.4.5

LimeWire 4.18.8

Aplus Video Joiner 8.85

Express Burn 4.17

More Downloads

TS Community

Recent Discussions

Community Archive

Laptop screen does not turn on

Planning New Build

Logitech G5 owners query

Outlook Express database repair tool

Can't install windows

More at the Forum

Newsletter

Our Feeds

Information Technology

Critical cross-browser flaw in Firefox revealed

By Justin Mann, TechSpot.com
Published: July 10, 2007, 11:26 AM EST

Even the mighty Firefox is vulnerable to attack, and we see this today with Secunia's publication of a newly discovered security flaw in the popular browser. Affecting only the 2.0.x branch, this flaw could potentially be exploited by malicious users to compromise a machine. The “Firefox URL” function is one method of exploitation, and a simple posted fix is to disable that particular handler.

This flaw is interesting in that it can be carried across browsers, with bad data from IE resulting in compromise:

The problem is that Firefox registers the "firefoxurl://" URI handler and allows invoking firefox with arbitrary command line arguments. Using e.g. the "-chrome" parameter it is possible to execute arbitrary Javascript in chrome context. This can be exploited to execute arbitrary commands e.g. when a user visits a malicious web site using Microsoft Internet Explorer.
The flaw has been noted elsewhere. We'll likely see an update from Mozilla soon.

Related Stories

TechSpot - PC Technology News and Analysis

Most Popular

Downloads & Drivers

TS Community

Subscribe

Information Technology

Critical cross-browser flaw in Firefox revealed

More TechSpot Suggestions...