Launching local programs through FileType handler

Jul 25 2007

Issue
We are currently investigating an issue on Windows XP, where some urls for “web” protocols that contain %00 launch the wrong handler and appear to be able to launch local programs, with limited argument passing.

Impact
The impact to users is unknown at this point in time. We are working to verify this and in the meantime, advise users to be cautious when browsing unknown sites.

Status
We are currently working on a fix. You can follow our work and process at: https://bugzilla.mozilla.org/show_bug.cgi?id=389580

Credit
Billy Rios and Nate McFeters posted details about this issue publicly at:http://xs-sniper.com/blog/remote-command-exec-firefox-2005/

8 responses

Pingback from Techzi » Blog Archive » Mozilla flaw attack code published on July 25, 2007 at 4:06 pm::

[...] security chief, Window Snyder, said that her team is working to verify and fix this latest [...]
Pingback from Mozilla flaw attack code published on July 25, 2007 at 4:08 pm::

[...] security chief, Window Snyder, said that her team is working to verify and fix this latest [...]
Pingback from University Update - Firefox - Permanent Link to Launching local programs through FileType handler on July 25, 2007 at 4:46 pm::

[...] Link to Article firefox Permanent Link to Launching local programs through FileType handler » [...]
Pingback from Mozilla’s Latest Firefox Security Issue » SELaplana on July 26, 2007 at 1:27 am::

[...] about the latest release of the Mozilla’s Firefox browsers and is now currently examined by Mozilla. We are currently investigating an issue on Windows XP, where some urls for “web” protocols [...]
Pingback from Dimension 2k : Blog Archive : Remote Command Execution Bug im Mozilla on July 26, 2007 at 4:19 am::

[...] Mozilla Security Blog] Kategorien Software | Security | Internet Tags bug, FireFox, [...]
Pingback from Security Tips » Firefox Fixes FileType Flaw on July 26, 2007 at 6:10 am::

[...] browsers. The very limited %00 argument needed to spur local program execution raised concerns at Mozilla, though the actual impact of such execution hadn’t been [...]
Pingback from Mozilla flaw attack code published « TechTitans™ on July 26, 2007 at 8:21 am::

[...] security chief, Window Snyder, said that her team is working to verify and fix this latest [...]
Pingback from » Protocol abuse adds to Firefox, Windows security woes | Ryan Naraine’s Zero Day | ZDNet.com on July 26, 2007 at 9:29 am::

[...] security chief Window Snyder has posted a confirmation of the latest issue: We are currently investigating an issue on Windows XP, where some urls for “web” protocols [...]

Pingback from Techzi » Blog Archive » Mozilla flaw attack code published on July 25, 2007 at 4:06 pm::

Pingback from Mozilla flaw attack code published on July 25, 2007 at 4:08 pm::

Pingback from University Update - Firefox - Permanent Link to Launching local programs through FileType handler on July 25, 2007 at 4:46 pm::

Pingback from Mozilla’s Latest Firefox Security Issue » SELaplana on July 26, 2007 at 1:27 am::

Pingback from Dimension 2k : Blog Archive : Remote Command Execution Bug im Mozilla on July 26, 2007 at 4:19 am::

Pingback from Security Tips » Firefox Fixes FileType Flaw on July 26, 2007 at 6:10 am::

Pingback from Mozilla flaw attack code published « TechTitans™ on July 26, 2007 at 8:21 am::

Pingback from » Protocol abuse adds to Firefox, Windows security woes | Ryan Naraine’s Zero Day | ZDNet.com on July 26, 2007 at 9:29 am::