Clint, have you tried the bug?
Open IE and put this into the address field: "firefoxurl://larholm.com".
It will trigger the bug and use CMD.exe to attempt to open
Firefox. It will launch Firefox and show you an External Protocol Request
to handle the link, where you click Launch application or Cancel. The
firefoxurl://larholm.com takes you to the page of the developer who
discovered the bug,
http://larholm.com/2007/07/10/internet-explorer-0day-exploit/
And all this in an attempt to handle Vista compatibility.
Peter Kaulback
Clint - OrpheusComputing.com & ComputersCustomBuilt.com wrote:
This is a pretty bad one with apparently no fix. I checked all
the URLs; I don't see any workaround where they mentioned:
"Added workaround to the 'Solution' section."
-Clint
TITLE:
Firefox "firefoxurl" URI Handler Registration Vulnerability
SECUNIA ADVISORY ID:
SA25984
VERIFY ADVISORY:
http://secunia.com/advisories/25984/
CRITICAL:
Highly critical
IMPACT:
System access
WHERE:
From remote
REVISION:
1.1 originally posted 2007-07-10
SOFTWARE:
Mozilla Firefox 2.0.x
http://secunia.com/product/12434/
DESCRIPTION:
A vulnerability has been discovered in Firefox, which can be
exploited by malicious people to compromise a user's system.
The problem is that Firefox registers the "firefoxurl://" URI handler
and allows invoking Firefox with arbitrary command line arguments.
Using e.g. the "-chrome" parameter it is possible to execute
arbitrary JavaScript in chrome context. This can be exploited to
execute arbitrary commands e.g. when a user visits a malicious web
site using Microsoft Internet Explorer.
The vulnerability is confirmed in Firefox version 2.0.0.4 on a fully
patched Windows XP SP2. Other versions may also be affected.
SOLUTION:
Do not browse untrusted sites.
Disable the "Firefox URL" URI handler.
CHANGELOG:
2007-07-10: Added workaround to the "Solution" section.
ORIGINAL ADVISORY:
http://www.xs-sniper.com/sniperscope/IE-Pwns-Firefox.html
http://larholm.com/2007/07/10/internet-explorer-0day-exploit/
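The advisory above says the handler lets a web page pass arbitrary command line arguments to Firefox, but not how a URL turns into extra arguments. The following Python is an added example, not code from the advisory, this list, or Mozilla: it models a Windows URI-handler command template in which the URL lands in a quoted "%1" slot, shows how a double quote inside the URL closes that slot and smuggles a "-chrome" argument through, and shows the hardening a registering application would apply. The handler template (firefox.exe -url "%1" -requestPending) is an assumption about how the handler was registered, the argument splitter is a simplified version of Windows' rules, and both URLs are constructed for the demo.

```python
"""Argument injection through a Windows URI-handler command template.

Added example, not code from the Secunia advisory or from Mozilla. The
handler command template below is an ASSUMPTION about how a firefoxurl://
handler of that era was registered; the URLs are constructed for the demo.
"""
from urllib.parse import quote

# ASSUMED handler template: the URL the browser hands over lands in %1.
HANDLER_TEMPLATE = (
    '"C:\\Program Files\\Mozilla Firefox\\firefox.exe" -url "%1" -requestPending'
)

# Constructed inputs.
BENIGN_URL = "firefoxurl://larholm.com"
# A double quote closes the "%1" argument early, so everything after it is
# parsed as further firefox.exe arguments (the -chrome switch the advisory
# mentions). The JavaScript is a harmless placeholder payload.
INJECTED_URL = 'firefoxurl://example.invalid" -chrome "javascript:alert(1)'


def split_windows_args(cmdline):
    """Simplified CommandLineToArgvW: quotes group, whitespace splits.

    Backslash-escaping of quotes is deliberately ignored; it does not
    matter for the injection shown here.
    """
    args, current, in_quotes, have_token = [], [], False, False
    for ch in cmdline:
        if ch == '"':
            in_quotes = not in_quotes
            have_token = True            # "" is still an (empty) argument
        elif ch in " \t" and not in_quotes:
            if have_token:
                args.append("".join(current))
                current, have_token = [], False
        else:
            current.append(ch)
            have_token = True
    if have_token:
        args.append("".join(current))
    return args


def argv_for(template, url):
    """Argument vector firefox.exe receives after a naive %1 substitution."""
    return split_windows_args(template.replace("%1", url))


def is_injected(template, url):
    """True when the URL smuggled extra arguments past the %1 slot."""
    expected = [url if a == "%1" else a for a in split_windows_args(template)]
    return argv_for(template, url) != expected


def harden_url(url):
    """Percent-encode anything that can break out of the quoted %1 argument.

    Hardening on the registering side: '"' and whitespace are encoded so
    the URL always stays a single argument, whatever the caller passes.
    """
    return quote(url, safe=":/?#[]@!$&'()*+,;=%-._~")


if __name__ == "__main__":
    for url in (BENIGN_URL, INJECTED_URL, harden_url(INJECTED_URL)):
        verdict = "injected" if is_injected(HANDLER_TEMPLATE, url) else "ok"
        print(verdict, argv_for(HANDLER_TEMPLATE, url))
```

The check in is_injected is the one a practitioner can run against any protocol handler registered on a box: split the registered command, substitute a URL carrying a double quote, and compare the argument count with the template's. Any extra argument means the handler trusts the calling browser to escape the URL, which is exactly the assumption the advisory says Internet Explorer breaks.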
============= PCWorks Mailing List =================
Don't see your post? Check our posting guidelines &
make sure you've followed proper posting procedures,
http://pcworkers.com/rules.htm
Contact list owner <[EMAIL PROTECTED]>
Unsubscribing and other changes: http://pcworkers.com
=====================================================