{"id":11,"date":"2007-07-23T16:46:56","date_gmt":"2007-07-23T23:46:56","guid":{"rendered":"http:\/\/blog.mozilla.org\/security\/2007\/07\/23\/related-security-issue-in-url-protocol-handling-on-windows\/"},"modified":"2007-07-23T18:05:35","modified_gmt":"2007-07-24T01:05:35","slug":"related-security-issue-in-url-protocol-handling-on-windows","status":"publish","type":"post","link":"https:\/\/blog.mozilla.org\/security\/2007\/07\/23\/related-security-issue-in-url-protocol-handling-on-windows\/","title":{"rendered":"Related Security Issue in URL Protocol Handling on Windows"},"content":{"rendered":"<p>On July 10th, I posted about a <a href=\"http:\/\/blog.mozilla.org\/security\/2007\/07\/10\/security-issue-in-url-protocol-handling-on-windows\/\">security issue in URL protocol handling on Windows<\/a>.  In the previous example, Internet Explorer was the entry point and Firefox was the application receiving the bad data.<\/p>\n<p>Over the weekend, we learned about a new scenario that identifies ways that Firefox could also be used as the entry point.  While browsing with Firefox, a specially crafted URL could potentially be used to send bad data to another application.<\/p>\n<p><span>We thought this was just a problem with IE.  It turns out, it is a problem with Firefox as well.  We should have caught this scenario when we fixed the related problem in 2.0.0.5.  We believe that defense in depth is the best way to protect people, so we&#8217;re investigating it now.<\/span><\/p>\n<p>We are working to make sure that we are giving you as much information about pressing security issues as possible.  We make real-time updates as we find out new information because we are committed to an open and transparent security process.<\/p>\n<p>For more information: <a href=\"https:\/\/bugzilla.mozilla.org\/show_bug.cgi?id=389106\">https:\/\/bugzilla.mozilla.org\/show_bug.cgi?id=389106<\/a><br \/>\n<span><\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>On July 10th, I posted about a security issue in URL protocol handling on Windows. In the previous example, Internet Explorer was the entry point and Firefox was the application &hellip; <a class=\"go\" href=\"https:\/\/blog.mozilla.org\/security\/2007\/07\/23\/related-security-issue-in-url-protocol-handling-on-windows\/\">Read more<\/a><\/p>\n","protected":false},"author":48,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[69,73],"tags":[],"coauthors":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v22.5 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Related Security Issue in URL Protocol Handling on Windows - Mozilla Security Blog<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/blog.mozilla.org\/security\/2007\/07\/23\/related-security-issue-in-url-protocol-handling-on-windows\/\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Window Snyder\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"1 minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/blog.mozilla.org\/security\/2007\/07\/23\/related-security-issue-in-url-protocol-handling-on-windows\/\",\"url\":\"https:\/\/blog.mozilla.org\/security\/2007\/07\/23\/related-security-issue-in-url-protocol-handling-on-windows\/\",\"name\":\"Related Security Issue in URL Protocol Handling on Windows - Mozilla Security Blog\",\"isPartOf\":{\"@id\":\"https:\/\/blog.mozilla.org\/security\/#website\"},\"datePublished\":\"2007-07-23T23:46:56+00:00\",\"dateModified\":\"2007-07-24T01:05:35+00:00\",\"author\":{\"@id\":\"https:\/\/blog.mozilla.org\/security\/#\/schema\/person\/bcfe8d4a8562282caf71ca487f4a36f5\"},\"breadcrumb\":{\"@id\":\"https:\/\/blog.mozilla.org\/security\/2007\/07\/23\/related-security-issue-in-url-protocol-handling-on-windows\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/blog.mozilla.org\/security\/2007\/07\/23\/related-security-issue-in-url-protocol-handling-on-windows\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/blog.mozilla.org\/security\/2007\/07\/23\/related-security-issue-in-url-protocol-handling-on-windows\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/blog.mozilla.org\/security\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Related Security Issue in URL Protocol Handling on Windows\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/blog.mozilla.org\/security\/#website\",\"url\":\"https:\/\/blog.mozilla.org\/security\/\",\"name\":\"Mozilla Security Blog\",\"description\":\"\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/blog.mozilla.org\/security\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/blog.mozilla.org\/security\/#\/schema\/person\/bcfe8d4a8562282caf71ca487f4a36f5\",\"name\":\"Window Snyder\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/blog.mozilla.org\/security\/#\/schema\/person\/image\/ac9103056fd345532d56198464860a0a\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/73de47c5d7f96fbe0d5058c37ae1fefc?s=96&d=identicon&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/73de47c5d7f96fbe0d5058c37ae1fefc?s=96&d=identicon&r=g\",\"caption\":\"Window Snyder\"},\"sameAs\":[\"http:\/\/blog.mozilla.org\/security\/\"]}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Related Security Issue in URL Protocol Handling on Windows - Mozilla Security Blog","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/blog.mozilla.org\/security\/2007\/07\/23\/related-security-issue-in-url-protocol-handling-on-windows\/","twitter_misc":{"Written by":"Window Snyder","Est. reading time":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/blog.mozilla.org\/security\/2007\/07\/23\/related-security-issue-in-url-protocol-handling-on-windows\/","url":"https:\/\/blog.mozilla.org\/security\/2007\/07\/23\/related-security-issue-in-url-protocol-handling-on-windows\/","name":"Related Security Issue in URL Protocol Handling on Windows - Mozilla Security Blog","isPartOf":{"@id":"https:\/\/blog.mozilla.org\/security\/#website"},"datePublished":"2007-07-23T23:46:56+00:00","dateModified":"2007-07-24T01:05:35+00:00","author":{"@id":"https:\/\/blog.mozilla.org\/security\/#\/schema\/person\/bcfe8d4a8562282caf71ca487f4a36f5"},"breadcrumb":{"@id":"https:\/\/blog.mozilla.org\/security\/2007\/07\/23\/related-security-issue-in-url-protocol-handling-on-windows\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/blog.mozilla.org\/security\/2007\/07\/23\/related-security-issue-in-url-protocol-handling-on-windows\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/blog.mozilla.org\/security\/2007\/07\/23\/related-security-issue-in-url-protocol-handling-on-windows\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/blog.mozilla.org\/security\/"},{"@type":"ListItem","position":2,"name":"Related Security Issue in URL Protocol Handling on Windows"}]},{"@type":"WebSite","@id":"https:\/\/blog.mozilla.org\/security\/#website","url":"https:\/\/blog.mozilla.org\/security\/","name":"Mozilla Security Blog","description":"","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/blog.mozilla.org\/security\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/blog.mozilla.org\/security\/#\/schema\/person\/bcfe8d4a8562282caf71ca487f4a36f5","name":"Window Snyder","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/blog.mozilla.org\/security\/#\/schema\/person\/image\/ac9103056fd345532d56198464860a0a","url":"https:\/\/secure.gravatar.com\/avatar\/73de47c5d7f96fbe0d5058c37ae1fefc?s=96&d=identicon&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/73de47c5d7f96fbe0d5058c37ae1fefc?s=96&d=identicon&r=g","caption":"Window Snyder"},"sameAs":["http:\/\/blog.mozilla.org\/security\/"]}]}},"_links":{"self":[{"href":"https:\/\/blog.mozilla.org\/security\/wp-json\/wp\/v2\/posts\/11"}],"collection":[{"href":"https:\/\/blog.mozilla.org\/security\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.mozilla.org\/security\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.mozilla.org\/security\/wp-json\/wp\/v2\/users\/48"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.mozilla.org\/security\/wp-json\/wp\/v2\/comments?post=11"}],"version-history":[{"count":0,"href":"https:\/\/blog.mozilla.org\/security\/wp-json\/wp\/v2\/posts\/11\/revisions"}],"wp:attachment":[{"href":"https:\/\/blog.mozilla.org\/security\/wp-json\/wp\/v2\/media?parent=11"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.mozilla.org\/security\/wp-json\/wp\/v2\/categories?post=11"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.mozilla.org\/security\/wp-json\/wp\/v2\/tags?post=11"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/blog.mozilla.org\/security\/wp-json\/wp\/v2\/coauthors?post=11"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}