Firefox Process Enables IE Flaw
David Utter Staff Writer
2007-07-10
Both the Internet Explorer and Firefox browsers are to blame for an input validation problem similar to one seen in Apple's Safari browser.
A Danish man with an interest in hacking has found some odd behavior taking place with the two leading web browsers.
Thor Larholm blames an input validation flaw in Internet Explorer, which can pass certain arbitrary arguments to a protocol handler installed by Firefox.
"When Internet Explorer encounters a reference to content inside the FirefoxURL URL scheme it calls ShellExecute with the EXE image path and passes the entire request URI without any input validation," said Larholm.
When that happens, Firefox.exe will execute arbitrary arguments sent to it in this manner. It's a cross-browser command injection issue, according to Larholm.
Whether this is Microsoft's problem or Mozilla's is in question. Internet Explorer isn't validating input, but Firefox isn't checking for these hijinks either.
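An added illustration (not code from the article, Internet Explorer or Firefox) of why both sides need a check: a simplified model of a caller handing a URI to a registered protocol handler, with caller-side encoding and a handler-side argument check. The handler template, scheme name, flag names and the quote-toggling splitter are assumptions made for the example; real Windows command-line parsing has additional backslash rules.

```python
from urllib.parse import quote

# Hypothetical handler command registered for a URL scheme; %1 receives the URI.
HANDLER_TEMPLATE = '"browser.exe" -url "%1"'

# Constructed sample inputs (not taken from the article).
BENIGN_URI = 'examplescheme://host/page?q=1'
QUOTED_URI = 'examplescheme://host/page" -extra-flag "value'

def split_args(cmdline):
    """Simplified splitter: double quotes toggle quoting and unquoted
    whitespace separates arguments (backslash rules are left out)."""
    args, cur, in_quotes, started = [], [], False, False
    for ch in cmdline:
        if ch == '"':
            in_quotes, started = not in_quotes, True
        elif ch.isspace() and not in_quotes:
            if started:
                args.append(''.join(cur))
                cur, started = [], False
        else:
            cur.append(ch)
            started = True
    if started:
        args.append(''.join(cur))
    return args

def launch_unvalidated(uri):
    """Caller behaviour the article describes: the URI is pasted in as-is."""
    return split_args(HANDLER_TEMPLATE.replace('%1', uri))

def launch_validated(uri):
    """Caller-side fix: percent-encode quotes and spaces so the URI cannot
    close the quoted argument it is placed in."""
    safe = quote(uri, safe=":/?#[]@!$&'()*+,;=%")
    return split_args(HANDLER_TEMPLATE.replace('%1', safe))

def handler_accepts(argv):
    """Handler-side check: exactly program, -url, and one URI argument."""
    return len(argv) == 3 and argv[1] == '-url'

if __name__ == '__main__':
    for uri in (BENIGN_URI, QUOTED_URI):
        raw, fixed = launch_unvalidated(uri), launch_validated(uri)
        print(len(raw), handler_accepts(raw), len(fixed), handler_accepts(fixed))
```

Either check alone stops the extra arguments in this model, which is why the article can fault both the caller and the handler.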
About the Author:
David Utter is a business and technology writer for SecurityProNews and WebProNews.