Thread-topic: [SA25984] Firefox "firefoxurl" URI Handler Registration Vulnerability
>
> TITLE:
> Firefox "firefoxurl" URI Handler Registration Vulnerability
>
> SECUNIA ADVISORY ID:
> SA25984
>
> VERIFY ADVISORY:
> http://secunia.com/advisories/25984/
>
> CRITICAL:
> Highly critical
>
> IMPACT:
> System access
>
> WHERE:
> From remote
>
> REVISION:
> 1.1 originally posted 2007-07-10
>
> SOFTWARE:
> Mozilla Firefox 2.0.x
> http://secunia.com/product/12434/
>
> DESCRIPTION:
> A vulnerability has been discovered in Firefox, which can be
> exploited by malicious people to compromise a user's system.
>
> The problem is that Firefox registers the "firefoxurl://" URI handler
> and allows invoking firefox with arbitrary command line arguments.
> Using e.g. the "-chrome" parameter it is possible to execute
> arbitrary Javascript in chrome context. This can be exploited to
> execute arbitrary commands e.g. when a user visits a malicious web
> site using Microsoft Internet Explorer.
>
> The vulnerability is confirmed in Firefox version 2.0.0.4 on a fully
> patched Windows XP SP2. Other versions may also be affected.
>
> SOLUTION:
> Do not browse untrusted sites.
>
> Disable the "Firefox URL" URI handler.
>
> PROVIDED AND/OR DISCOVERED BY:
> Billy (BK) Rios, Nate Mcfeters, and Raghav "the Pope" Dube
>
> Additional information provided by Thor Larholm.
>
> CHANGELOG:
> 2007-07-10: Added workaround to the "Solution" section.
>
> ORIGINAL ADVISORY:
> http://www.xs-sniper.com/sniperscope/IE-Pwns-Firefox.html
>
> http://larholm.com/2007/07/10/internet-explorer-0day-exploit/
>