Critical cross-browser flaw in Firefox revealed

Most Popular

Downloads & Drivers

Downloads

Drivers

WinDVD 10.05 Pro 2010 (formerly WinDVD Platinum)

Opera 10.10 for Windows

Mp3tag 2.45

FinalBurner 2.15

Google Chrome 4.0.249.00 Beta

More Downloads

TS Community

User Gallery

Recent Discussion

Desk by brucel	old rig # 2 / rear view by KingCody
front view of,Kingwin KT-436S-WM by ambivolent	My Art by Cyberbabe

More at the Forum

Newsletter

Our Feeds

Information Technology

Critical cross-browser flaw in Firefox revealed

By Justin Mann, TechSpot.com
Published: July 10, 2007, 11:26 AM EST

Even the mighty Firefox is vulnerable to attack, and we see this today with Secunia's publication of a newly discovered security flaw in the popular browser. Affecting only the 2.0.x branch, this flaw could potentially be exploited by malicious users to compromise a machine. The “Firefox URL” function is one method of exploitation, and a simple posted fix is to disable that particular handler.

This flaw is interesting in that it can be carried across browsers, with bad data from IE resulting in compromise:

The problem is that Firefox registers the "firefoxurl://" URI handler and allows invoking firefox with arbitrary command line arguments. Using e.g. the "-chrome" parameter it is possible to execute arbitrary Javascript in chrome context. This can be exploited to execute arbitrary commands e.g. when a user visits a malicious web site using Microsoft Internet Explorer.
The flaw has been noted elsewhere. We'll likely see an update from Mozilla soon.

Related Stories

TechSpot - PC Technology News and Analysis

Most Popular

Downloads & Drivers

TS Community

Subscribe

Information Technology

Critical cross-browser flaw in Firefox revealed

Featured Tech Content - Inside TechSpot