Critical cross-browser flaw in Firefox revealed
Even the mighty Firefox is vulnerable to attack, as Secunia's publication today of a newly discovered security flaw in the popular browser shows. The flaw affects only the 2.0.x branch and could potentially be exploited by malicious users to compromise a machine. The “Firefox URL” function is one method of exploitation, and a simple posted fix is to disable that particular handler.
This flaw is interesting in that it can be carried across browsers, with bad data from IE resulting in compromise:
The problem is that Firefox registers the "firefoxurl://" URI handler and allows invoking firefox with arbitrary command line arguments. Using e.g. the "-chrome" parameter it is possible to execute arbitrary Javascript in chrome context. This can be exploited to execute arbitrary commands e.g. when a user visits a malicious web site using Microsoft Internet Explorer.
The flaw has been noted elsewhere. We'll likely see an update from Mozilla soon.
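The advisory's description (Firefox started with a "-chrome" argument, with Internet Explorer as the launching browser) can be turned into a detection check over process-creation records. This is an added example, not code from the article, Secunia or Mozilla; the event field names, file paths and sample records are constructed assumptions.

```python
import ntpath
import re

# Constructed process-creation records; field names are assumptions, not a real log schema.
SAMPLE_EVENTS = [
    {"parent": r"C:\Program Files\Internet Explorer\iexplore.exe",
     "image": r"C:\Program Files\Mozilla Firefox\firefox.exe",
     "cmdline": r'"C:\Program Files\Mozilla Firefox\firefox.exe" -chrome "PLACEHOLDER"'},
    {"parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Program Files\Mozilla Firefox\firefox.exe",
     "cmdline": r'"C:\Program Files\Mozilla Firefox\firefox.exe" "http://example.test/?q=-chrome"'},
    {"parent": r"C:\Windows\System32\cmd.exe",
     "image": r"C:\Program Files\Mozilla Firefox\firefox.exe",
     "cmdline": r'firefox.exe -CHROME "PLACEHOLDER"'},
    {"parent": r"C:\Program Files\Internet Explorer\iexplore.exe",
     "image": r"C:\Windows\System32\notepad.exe",
     "cmdline": r'notepad.exe -chrome'},
]

def split_args(cmdline):
    """Simplified tokenizer: quoted runs or bare words (not full Windows quoting rules)."""
    return [t.strip('"') for t in re.findall(r'"[^"]*"|\S+', cmdline)]

def has_chrome_switch(cmdline):
    # Compare whole tokens so "-chrome" inside a URL value does not match.
    return any(t.lower() == "-chrome" for t in split_args(cmdline)[1:])

def classify(event):
    """Return 'cross-browser', 'review', or None for one process-creation record."""
    if ntpath.basename(event["image"]).lower() != "firefox.exe":
        return None
    if not has_chrome_switch(event["cmdline"]):
        return None
    parent = ntpath.basename(event["parent"]).lower()
    # Internet Explorer as the parent matches the scenario in the advisory.
    return "cross-browser" if parent == "iexplore.exe" else "review"

def scan(events):
    """Return (index, verdict) for every record that classify() flags."""
    verdicts = [(i, classify(e)) for i, e in enumerate(events)]
    return [(i, v) for i, v in verdicts if v]

if __name__ == "__main__":
    for idx, verdict in scan(SAMPLE_EVENTS):
        print(idx, verdict, SAMPLE_EVENTS[idx]["cmdline"])
```

Matching whole tokens rather than substrings keeps an ordinary URL that merely contains the text "-chrome" from raising an alert.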