Firefox “firefoxurl” URI Handler Registration Vulnerability

July 10, 2007 | 2 Comments


Secunia today reported a new exploit for Firefox 2.0.0.4 (previous builds might be affected as well).

A vulnerability has been discovered in Firefox, which can be exploited by malicious people to compromise a user’s system.

Solution:
Do not browse untrusted sites.
Disable the “Firefox URL” URI handler.

Thor Larholm noted:

There is an input validation flaw in Internet Explorer that allows you to specify arbitrary arguments to the process responsible for handling URL protocols. This is the same type of input validation vulnerability that I discovered in the Safari 3 beta.


About (Author Profile)


Vygantas is a former web designer whose projects are used by companies such as AMD, NVIDIA and the now-defunct Westwood Studios. Being passionate about software, Vygantas began his journalism career back in 2007 when he founded FavBrowser.com. He is also an adrenaline junkie who enjoys good books, fitness activities and Forex trading.

  • som1

    Disable the “Firefox URL” URI handler.

    how ?

  • http://www.favbrowser.com Vygantas Lipskas

    So far it seems to work this way:

    Open Windows Explorer, for example by opening My Computer (not Firefox or any other browser). Click “Tools” in the top menu and find “Folder Options…”

    Select “File Types”, find:

    (NONE) Firefox URL

    Delete it.