Related Security Issue in URL Protocol Handling on Windows

Window Snyder


On July 10th, I posted about a security issue in URL protocol handling on Windows. In the previous example, Internet Explorer was the entry point and Firefox was the application receiving the bad data.

Over the weekend, we learned about a new scenario that identifies ways that Firefox could also be used as the entry point. While browsing with Firefox, a specially crafted URL could potentially be used to send bad data to another application.

We thought this was just a problem with IE. It turns out, it is a problem with Firefox as well. We should have caught this scenario when we fixed the related problem in 2.0.0.5. We believe that defense in depth is the best way to protect people, so we’re investigating it now.

We are working to make sure that we are giving you as much information about pressing security issues as possible. We make real-time updates as we find out new information because we are committed to an open and transparent security process.

For more information: https://bugzilla.mozilla.org/show_bug.cgi?id=389106
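The post describes the hazard only in outline: a crafted URL reaches the browser, and the browser passes it on to whatever application is registered for that URL's scheme. The mitigation that matters on the launching side is to treat the URL as untrusted data before it ever becomes an argument for another program. The following is an added illustration, not Mozilla's code and not the fix referenced in bug 389106; it assumes a small allowlist of schemes (the `allowed_schemes` parameter is the example's own), percent-encodes anything RFC 3986 does not permit unencoded (the double quote and whitespace included), and rejects control characters outright.

```python
"""Defensive preparation of a URL before it is handed to an external
protocol handler.  Added example; not code from the Mozilla project."""
import re
from urllib.parse import quote

# Characters RFC 3986 allows to appear unencoded in a URL, in addition to the
# alphanumerics and "_.-~" that urllib.parse.quote never touches.  "%" is kept
# so that percent-escapes already present are not double-encoded (assumption:
# the handler expects a URL that is already percent-encoded).
_RFC3986_SAFE = "-._~:/?#[]@!$&'()*+,;=%"

# scheme = ALPHA *( ALPHA / DIGIT / "+" / "-" / "." )   (RFC 3986, section 3.1)
_SCHEME_RE = re.compile(r"^[A-Za-z][A-Za-z0-9+.\-]*$")


class UnsafeUrlError(ValueError):
    """Raised when a URL must not be forwarded to an external handler."""


def sanitize_for_handler(url: str, allowed_schemes: frozenset) -> str:
    """Return a percent-encoded copy of `url` that is safe to pass on, or raise.

    - The scheme must be syntactically valid and on the caller's allowlist.
    - Control characters anywhere in the remainder are rejected rather than
      encoded, since no legitimate URL needs them.
    - Every other character outside the RFC 3986 set (notably the double
      quote and spaces) is percent-encoded, so the forwarded string cannot
      contain bytes that a receiving program might interpret as argument
      delimiters.
    """
    scheme, sep, rest = url.partition(":")
    if not sep or not _SCHEME_RE.match(scheme):
        raise UnsafeUrlError("missing or malformed scheme")
    if scheme.lower() not in allowed_schemes:
        raise UnsafeUrlError(f"scheme {scheme!r} is not allowlisted")
    if any(ord(c) < 0x20 or ord(c) == 0x7F for c in rest):
        raise UnsafeUrlError("control character in URL")
    return scheme.lower() + ":" + quote(rest, safe=_RFC3986_SAFE)


def is_forwardable(url: str, allowed_schemes: frozenset) -> bool:
    """Convenience predicate: True if sanitize_for_handler would accept `url`."""
    try:
        sanitize_for_handler(url, allowed_schemes)
    except UnsafeUrlError:
        return False
    return True


if __name__ == "__main__":
    # Constructed sample inputs; the quote and space are the characters of
    # interest, not any real payload.
    allowed = frozenset({"http", "https"})
    print(sanitize_for_handler('http://example.test/a"b c', allowed))
    print(is_forwardable("mailto:someone@example.test", allowed))
```

The allowlist is the important design choice: encoding alone does not help if the browser will launch an arbitrary registered handler, so a launching application should decide per scheme whether forwarding is acceptable at all, and only then normalise what it forwards.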

36 responses

  1. Pingback from University Update - Firefox - Permanent Link to Related Security Issue in URL Protocol Handling on Windows on :

    […] Link to Article firefox Permanent Link to Related Security Issue in URL Protocol Handling on Windows […]

  2. Pingback from » Mozilla caught napping on URL protocol handling flaw | Ryan Naraine’s Zero Day | ZDNet.com on :

    […] security chief Window Snyder has fessed up to the gaffe exposed by Johansson: Over the weekend, we learned about a new scenario that identifies ways that […]

  3. Aaron Margosis wrote on :

    I think Alun Jones hits the nail right on the head in this item:

    http://msmvps.com/blogs/alunj/archive/2007/07/22/firefoxurl-url-vulnerability.aspx

    and in his comment here regarding the C/C++ argument point:

    http://msinfluentials.com/blogs/jesper/archive/2007/07/10/blocking-the-firefox-gt-ie-0-day.aspx#6570

  4. Pingback from Window Snyder fesses up - Firefox also passes "bad data" - Spyware Sucks on :

    […] Quote source:  http://blog.mozilla.org/security/2007/07/23/related-security-issue-in-url-protocol-handling-on-windo… […]

  5. Pingback from XoftSpy SE Antispyware » Blog Archive » Window Snyder fesses up - Firefox also passes “bad data” on :

    […] Quote source:  http://blog.mozilla.org/security/2007/07/23/related-security-issue-in-url-protocol-handling-on-windo… […]

  6. Pingback from Firefox could also be used as the entry point | GNUCITIZEN on :

    […] Mozilla Security Blog […]

  7. Giorgio Maone wrote on :

    Bug 389106 is already fixed, big kudos for biesi and the other moz devs!

    While we’re waiting for Firefox 2.0.0.6 to ship, NoScript users can enjoy an early fix: http://noscript.net/getit#direct

  8. Pingback from IE’s unescaped URLs vulnerability also present in Firefox : Mozilla Links on :

    […] Chief Security Officer, Window Snyder, has announced that Firefox could be used as an entry point to perform certain kinds of computer attacks in the […]

  9. Pingback from YouTube Elevates Top Users to Partners - BlogStuffPro.com on :

    […] Related Security Issue in URL Protocol Handling on WindowsOn July 10th, I posted about a security issue in URL protocol handling on Windows. In the previous example, Internet Explorer was the entry point and Firefox was the application receiving the bad data. Over the weekend, we learned about… […]

  10. Pingback from IE’s unescaped URLs vulnerability also present in Firefox · Get Latest Mozilla Firefox Browsers on :

    […] URLs vulnerability also present in Firefox Mozilla Chief Security Officer, Window Snyder, has announced that Firefox could be used as an entry point to perform certain kinds of computer attacks in the […]

  11. Bill Feagin wrote on :

    I just got an automatic update from Firefox that needed to be installed. Halfway through the installation, it quit, saying that my current security settings did not permit me to install the updates. The program was so hung up that I had to uninstall Firefox altogether. When I tried to reinstall Firefox, I got the same message saying that my current security setup did not allow me to install Firefox. How do I fix this? Bill

  12. Pingback from Mozilla: Firefox is flawed just like IE on :

    […] a new scenario that identifies ways that Firefox could also be used as the entry point,” said Window Snyder of Mozilla. “While browsing with Firefox, a specially crafted URL could potentially be used […]

  13. Pingback from Mozilla Admits Firefox Has Same Flaw as IE | CTF Blog on :

    […] a new scenario that identifies ways that Firefox could also be used as the entry point,” said Window Snyder of Mozilla. “While browsing with Firefox, a specially crafted URL could potentially be used […]

  14. Pingback from Techzi » Blog Archive » Mozilla: Firefox is flawed just like IE on :

    […] a new scenario that identifies ways that Firefox could also be used as the entry point,” said Window Snyder of Mozilla. “While browsing with Firefox, a specially crafted URL could potentially be used […]

  15. Pingback from Be:Fox » The critical URL protocol exploitation flaw is not fully fixed on :

    […] 2.0.0.5 of Firefox, meant to fix 8 flaws, some of which had been rated critical. On the blog of Window Snyder, a security bigwig at Mozilla, one can read that a "new scenario reveals […]

  16. Blackstorm wrote on :

    My apologies for the previous comment about the delay of moderation… I think, anyway, that the solution lies only in a redefinition of the firefoxurl URI handler… actually the quotes can be used to create malformed URLs, no matter what patches you release…

  17. Pingback from Firefox: New Flaws, and Embarrassment « Simply Security on :

    […] as regards the problem of the vulnerability in URL protocol handling, on the Mozilla Security Blog, Window Snyder, head of security strategy at Mozilla Corporation, made known that […]

  18. Pingback from Attack of the URL Vulnerabilities | GNUCITIZEN on :

    […] that has been recently discussed on multiple blogs including GC (us), Thor Larholm’s blog, Mozilla’s Security Blog, the 0x000000 hack zine and Billy (BK) Rios’ personal blog. This time, the bug is […]

  19. Pingback from It takes courage to admit your product is insecure | Security Insider on :

    […] to Mozilla’s chief security officer, Window Snyder (yes, that’s his real name), who wrote on this blog recently that Firefox was at least partly to blame for a vulnerability that affected Microsoft’s […]

  20. Pingback from Messy URL protocol-handling drama finally winding down — Security Bytes on :

    […] agreed that there was an issue with IE, Mozilla has come to the same conclusion, saying that Firefox also has a problem. Mozilla’s security team, headed by Window Snyder, is investigating the issue now, Snyder […]
