[ news_security_news ]
Firefox To Fix Handler Vulnerability
David Utter
Staff Writer
2007-07-11
 Insider Reports RSS Feed
A problem with the 'firefoxurl' URI handler had been partially blamed on Internet Explorer's failure to properly validate input sent to the handler. Mozilla plans to fix its component.
It turns out that the target application needs to be fixed, even though the initial views of an input validation issue placed some blame on Microsoft's browser.
In confirming the flaw, and Mozilla's intent to repair it, Secunia found that the latest version of Firefox, 2.0.0.4, running on a fully-patched Windows XP SP2 system, would allow arbitrary code to be executed by the 'firefoxurl' handler.
"The problem is that Firefox registers the "firefoxurl://" URI handler and allows invoking firefox with arbitrary command line arguments. Using e.g. the "-chrome" parameter it is possible to execute arbitrary Javascript in chrome context. This can be exploited to execute arbitrary commands e.g. when a user visits a malicious web site using Microsoft Internet Explorer," Secunia said in its analysis.
SecurityProNews also heard from Thomas Kristensen, CTO at Secunia, about the problem. He said it was a Firefox issue, not an IE one, based on his firm's analysis. Kristensen also noted how URI handlers have been problematic for vendors beyond Mozilla and Microsoft, naming Apple, Opera, and "certain Linux projects" as others.
"Registering a URI handler must be done with care, since Windows does not have any proper way of knowing what kind of input potentially could be dangerous for an application (i.e. how should Windows know that the string '-chrome' could be dangerous for Firefox?)," said Kristensen.
About the Author:
David Utter is a business and technology writer for SecurityProNews and WebProNews.
More news_security_news Articles
Insider Reports RSS Feed
|
|
iEntry 10th Anniversary
RSS
Archive
