Today security firm Secunia released an advisory on a security issue found (apparently) simultaneously and independently by Greg MacManus and Billy Rios based on a previously reported issue in Safari found by Thor Larholm.
Any Windows application that calls a registered URL protocol without escaping quotes may be used to pass unexpected and potentially dangerous data to the application that registers that URL Protocol. This could result in a critical security vulnerability.
The vulnerability is exposed when a user browses to a malicious web page in Internet Explorer and clicks on a specially crafted link. That link causes Internet Explorer to invoke another Windows program via the command line and then pass that program the URL from the malicious webpage without escaping the quotes. This can cause data to be passed accidentally from the malicious web page to the second Windows program. In the specific attack described in the report, Internet Explorer sends URL data to Firefox. If the data is crafted a certain way it will allow remote code execution in Firefox.
A similar interaction between Safari and Firefox was reported earlier and fixed by Apple. According to Ryan Naraine at ZDNet, Microsoft is not planning to release a patch at this time.
Mozilla believes in defense in depth and will be patching Firefox in the upcoming 2.0.0.5 release to mitigate the problem. This will prevent IE from sending Firefox malicious data. Other Windows programs may also be vulnerable to bad data being passed from IE although we are not aware of any at this time.
It is important to note that if you are using Firefox to browse the web you *are not* vulnerable to this attack. While we have seen no evidence of attackers exploiting this issue, there is proof of concept code available publicly. So we recommend that people use Firefox and as always take care when browsing unknown websites.
We appreciate the work of the security researchers who identified this issue and the thousands of Mozilla community members who test patches and enable us to ship fixes so quickly. Mozilla is committed to identifying, prioritizing and fixing bugs to deliver the safest online experience for its users. We fix all bugs with any security risk as part of our commitment to security.
Ping from University Update - Firefox - Permanent Link to Security Issue in URL Protocol Handling on Windows on
Giorgio Maone wrote on
Ping from » Microsoft should block that IE > Firefox attack vector | Zero Day | ZDNet.com on
Ping from Blitz - Stiri zilnice din IT, IT&C: tehnologie, internet, telecom, gadgets, jocuri » Stiri IT - Blitz RO » Vulnerabilitate de browser, dar a cui e vina? on
Ping from Bloggers fixate on Google security moves — Security Bytes on
Ping from homeathk.net » 研究人員發現透過IE影響Firefox的怪異漏洞 on
Charles Burnaford wrote on
Ping from Firebug - Network Tools Network Monitoring Network Administration Network Diagnostics News Reviews Interviews » A serious browser vulnerability, but whose? on
Ping from FreeSoftNews » Blog Archive » Fedora Weekly News Issue 96 on
Ping from [EU/CH] Risiken und Nebenwirkungen: Firefox rei on
Trackback from Internet Explorer security flaw affects Firefox... on
Ping from Mozilla Security Blog » Blog Archives » Fix for Windows URL Protocol Handling Problem in Firefox 2.0.0.5 on
Ping from Update your Firefox!! | Razor Consulting on
Ping from homeathk.net » Mozilla修補Firefox漏洞 on
Ping from Mozilla Security Blog » Blog Archives » Related Security Issue in URL Protocol Handling on Windows on
Ping from Related Security Issue in URL Protocol Handling on Windows · Get Latest Mozilla Firefox Browsers on
Ping from .: Daniel Melanchthon :. : Man zeigt nicht mit dem Finger auf andere Leute on
Firefox wrote on
Ping from Larholm.com - Me, myself and I » Handling URL protocol handlers on
Ping from Exchangepedia Blog - » FireFox 2.0.0.6: Mozilla fixes the IE security hole that wasn't on
Ping from Clicking links on desktop gives an error in Firefox 2 « Tech Help on
Sally Tarbell wrote on
What is a URL? wrote on
Azizi wrote on