Top
Browse > Home / Firefox, Security / Firefox “firefoxurl” URI Handler Registration Vulnerability

Firefox “firefoxurl” URI Handler Registration Vulnerability

July 10, 2007

Secunia reported today about a new exploit for Firefox 2.0.0.4 (might affect previous builds as well).

A vulnerability has been discovered in Firefox, which can be exploited by malicious people to compromise a user’s system.

Solution:
Do not browse untrusted sites.
Disable the “Firefox URL” URI handler.

Thor Larholm noted:

There is an input validation flaw in Internet Explorer that allows you to specify arbitrary arguments to the process responsible for handling URL protocols. This is the same type of input validation vulnerability that I discovered in the Safari 3 beta.

Share and Enjoy (we know You want to): These icons link to social bookmarking sites where readers can share and discover new web pages.
  • del.icio.us
  • StumbleUpon
  • Technorati
  • Google
  • Propeller

Be the first to know. Subscribe to our RSS Feed


Related Entries:

Written by Vygantas Lipskas · Filed Under Firefox, Security 

Comments

2 Responses to “Firefox “firefoxurl” URI Handler Registration Vulnerability”

     Add karma Subtract karma  +0
  1. som1 on July 10th, 2007 3:09 pm

    Disable the “Firefox URL” URI handler.

    how ?

    2.  Add karma Subtract karma  +0
  2. Vygantas Lipskas on July 11th, 2007 3:31 am

    So far it seems work in this way:

    Open Windows Explorer, like enter My Computer (Not Firefox or any other browser). Click “Tools” in the top menu, find “Folder Options…”

    Select “File Types”, find:

    (NONE) Firefox URL

    Delete it.

Got something to say?






Bottom