
Vulnerability In Firefox 2.0



#1 HIPPO1023


Posted 12 July 2007 - 03:52 AM

Firefox "firefoxurl" URI Handler Registration Vulnerability

Software: Mozilla Firefox 2.0.x
Secunia Advisory: SA25984
CVE reference: CVE-2007-3670 (Secunia mirror)

A vulnerability has been discovered in Firefox, which can be exploited by malicious people to compromise a user's system.

The problem is that Firefox registers the "firefoxurl://" URI handler and allows invoking Firefox with arbitrary command line arguments. Using e.g. the "-chrome" parameter it is possible to execute arbitrary JavaScript in chrome context. This can be exploited to execute arbitrary commands e.g. when a user visits a malicious web site using Microsoft Internet Explorer.

The vulnerability is confirmed in Firefox version 2.0.0.4 on a fully patched Windows XP SP2. Other versions may also be affected.
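The following is an added example, not part of the original post or of Firefox's code. It models how a URI handed verbatim to a handler command template can change the argument list the program receives, and how a caller can check for that. The template, the sample URIs, the simplified quote-splitting rules, and the assumption that the extra arguments arrive through unescaped double quotes are all illustrative.

```python
HANDLER_TEMPLATE = '"browser.exe" -url "%1"'  # hypothetical template, not Firefox's
SENSITIVE_FLAGS = {"-chrome"}  # parameter named in the advisory


def split_args(cmdline):
    """Simplified splitting: double quotes group text, whitespace separates."""
    args, current, in_quotes, started = [], "", False, False
    for ch in cmdline:
        if ch == '"':
            in_quotes, started = not in_quotes, True
        elif ch.isspace() and not in_quotes:
            if started:
                args.append(current)
            current, started = "", False
        else:
            current, started = current + ch, True
    if started:
        args.append(current)
    return args


def expand_handler(uri, template=HANDLER_TEMPLATE):
    """Insert the URI verbatim, as a caller that does no escaping would."""
    return split_args(template.replace("%1", uri))


def encode_quotes(uri):
    """Mitigation on the calling side: percent-encode double quotes."""
    return uri.replace('"', "%22")


def audit_uri(uri, template=HANDLER_TEMPLATE):
    """Report whether handing this URI to the handler changes its argv shape."""
    expected = len(expand_handler("x", template))
    argv = expand_handler(uri, template)
    findings = []
    if len(argv) != expected:
        findings.append("argument count %d, expected %d" % (len(argv), expected))
    extra = [a for a in argv[expected:] if a.lower() in SENSITIVE_FLAGS]
    if extra:
        findings.append("injected option: " + ", ".join(extra))
    return findings


if __name__ == "__main__":
    # Constructed sample URIs; example.test and "placeholder" are not real values.
    for sample in ("firefoxurl://example.test/page",
                   'firefoxurl://example.test/" -chrome "placeholder'):
        print(sample, "->", audit_uri(sample) or "ok",
              "| encoded ->", audit_uri(encode_quotes(sample)) or "ok")
```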


