We are currently investigating an issue on Windows XP where some URLs for “web” protocols that contain %00 launch the wrong handler and appear to be able to launch local programs, with limited argument passing.
The impact to users is unknown at this point in time. We are working to verify this and, in the meantime, advise users to be cautious when browsing unknown sites.
We are currently working on a fix. You can follow our work and process at: https://bugzilla.mozilla.org/show_bug.cgi?id=389580
Billy Rios and Nate McFeters posted details about this issue publicly at: http://xs-sniper.com/blog/remote-command-exec-firefox-2005/