0-day vulnerability in Firefox... or is it IE?

by Steve Kerrison on 11 July 2007, 09:22

Security researchers have been feverishly blogging about a new cross-browser vulnerability that involves using IE to launch Firefox, which then executes attacker-supplied JavaScript with full chrome privileges in the foxy open-source browser.

The exploit starts by getting a user to click a link in IE that uses the "firefoxurl:" URI scheme. As one might expect, this scheme allows a page to launch a new page in... Firefox! The catch is that the URI is passed straight through onto the command line of the Firefox process. Thor Larholm, discoverer of the flaw, writes: "it is possible to specify arbitrary arguments to the “firefox.exe” process. This is where the “-chrome” command line argument comes in handy, as it allows us to specify arbitrary Javascript code which is then executed within the privileges of trusted Chrome content."

Yummy - quite nasty really, provided you browse with IE but have Firefox 2 installed as well. For those of you who like to pretend to root yourselves, there's a list of demos of the exploit.

Perhaps more interesting than the flaw itself is the fact that researchers and blogging security folks can't agree on which browser is really at fault. IE hands the dodgy URI over without checking it, but it's Firefox that accepts the arguments smuggled inside it.

Mozilla has said it'll patch the vulnerability so that IE can't mess Firefox around any more, slipping in a recommendation to run Firefox all the time while it's at it. Microsoft reckons IE's off the hook, suggesting that the problem lies on the Mozilla side. And perhaps that's true.

It all boils down to whether IE can know that it's sending bad data to Firefox. IE can't be expected to know which arguments Firefox should accept, so all it can do is make sure that what it hands over is a valid URI in the broader sense: under the URI syntax rules a bare double quote or space has no business being in one, so a scheme handler that receives those characters unencoded has already been given something that isn't a URI. Does IE check that? We'll let the security researchers figure that one out.
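An added illustration, not part of the original HEXUS article nor of Larholm's advisory: a small Python model of the argument injection the article describes and of the "is this even a URI?" check the previous paragraph asks about. The Firefox 2 handler template below is reproduced from memory and should be treated as an assumption, the two URIs are constructed samples, and the argument splitter is a simplified stand-in for Windows' CommandLineToArgvW that ignores backslash escaping.

```python
"""Model of the firefoxurl: argument injection described in the article.

On Windows a URI scheme is tied to a command template in the registry;
when a link is clicked the calling application substitutes the URI for
"%1" and hands the whole string to CreateProcess, which the child then
splits into argv. If the caller pastes the URI in raw, a double quote in
it closes the quoted "%1" slot and everything after it becomes extra
arguments to the handler.

Assumptions (not taken from the page): the Firefox 2 handler template
below is reproduced from memory, the URIs are constructed samples, and
the argument splitter is a simplified CommandLineToArgvW that ignores
backslash escaping.
"""
import re
from urllib.parse import quote

# Assumed Firefox 2 handler template (HKCR\FirefoxURL\shell\open\command).
HANDLER_TEMPLATE = r'"C:\Program Files\Mozilla Firefox\firefox.exe" -url "%1" -requestPending'

# Options the template itself places on the command line; anything else
# that looks like an option must have come from the URI.
EXPECTED_OPTIONS = {"-url", "-requestPending"}

# Constructed sample inputs.
BENIGN_URI = "firefoxurl://example.test/page"
MALICIOUS_URI = 'firefoxurl://example.test" -chrome "javascript:alert(1)'

# RFC 3986 allows only unreserved, reserved and percent-encoded characters;
# a bare double quote or space is never part of a valid URI.
_URI_CHARS = re.compile(r"[A-Za-z0-9\-._~:/?#\[\]@!$&'()*+,;=%]*")


def build_command_line(template, uri):
    """The unsafe behaviour: the raw URI is pasted in place of %1."""
    return template.replace("%1", uri)


def split_windows_args(cmdline):
    """Simplified CommandLineToArgvW: whitespace separates arguments and
    double quotes group them (backslash handling omitted, an assumption)."""
    args, current, in_quotes, have_token = [], [], False, False
    for ch in cmdline:
        if ch == '"':
            in_quotes = not in_quotes
            have_token = True
        elif ch.isspace() and not in_quotes:
            if have_token:
                args.append("".join(current))
                current, have_token = [], False
        else:
            current.append(ch)
            have_token = True
    if have_token:
        args.append("".join(current))
    return args


def injected_options(args):
    """Options present in argv that the handler template never put there."""
    return [a for a in args if a.startswith("-") and a not in EXPECTED_OPTIONS]


def is_uri_charset_valid(uri):
    """The check the article asks about: is this a well-formed URI at the
    character level, regardless of what Firefox would do with it?"""
    return _URI_CHARS.fullmatch(uri) is not None


def build_command_line_safe(template, uri):
    """Refuse to launch a handler with anything that is not a URI; the
    caller never needs to know which arguments the handler accepts."""
    if not is_uri_charset_valid(uri):
        raise ValueError("refusing to launch handler: URI contains illegal characters")
    return template.replace("%1", uri)


def build_command_line_encoded(template, uri):
    """Alternative: percent-encode whatever is not a URI character so the
    value can no longer break out of the quoted %1 slot."""
    return template.replace("%1", quote(uri, safe=":/?#[]@!$&'()*+,;=%"))


def demo():
    """Run both URIs through the unsafe and the hardened builders."""
    unsafe = {
        name: split_windows_args(build_command_line(HANDLER_TEMPLATE, uri))
        for name, uri in (("benign", BENIGN_URI), ("malicious", MALICIOUS_URI))
    }
    try:
        build_command_line_safe(HANDLER_TEMPLATE, MALICIOUS_URI)
        rejected = False
    except ValueError:
        rejected = True
    encoded = split_windows_args(build_command_line_encoded(HANDLER_TEMPLATE, MALICIOUS_URI))
    return {
        "benign_injected": injected_options(unsafe["benign"]),
        "malicious_injected": injected_options(unsafe["malicious"]),
        "malicious_rejected": rejected,
        "encoded_injected": injected_options(encoded),
        "encoded_url_value": encoded[encoded.index("-url") + 1],
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Run as a script, the unsafe builder turns the malicious URI into an argv that carries an extra "-chrome" option, while both hardened builders (reject, or percent-encode) keep the whole thing inside the single -url value. This models only the calling application's side of the argument; whether the handler should also refuse to parse options that arrive this way is the other half of the blame game above.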

HEXUS Forums :: 3 Comments

Wish we could remove IE from Windows XP! Crazy ***
Instead of blaming the other, both should work towards the common goal in the spirit of the community - after all, without the other there would be less inspiration to raise their game…
Indeed, if only we could get rid of this stupid fragging IE from Windows…

Just glad most of my boxen that run Linux are not vulnerable to this.