
Firefox "firefoxurl" URI Handler Registration Vulnerability

HellasVagabond

Description:
A vulnerability has been discovered in Firefox, which can be exploited by malicious people to compromise a user's system.

The problem is that Firefox registers the "firefoxurl://" URI handler and allows invoking Firefox with arbitrary command line arguments. Using e.g. the "-chrome" parameter it is possible to execute arbitrary JavaScript in chrome context. This can be exploited to execute arbitrary commands e.g. when a user visits a malicious web site using Microsoft Internet Explorer.

The vulnerability is confirmed in Firefox version 2.0.0.4 on a fully patched Windows XP SP2. Other versions may also be affected.


More at:
http://secunia.com/advisories/25984/
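
Added example, not part of the original post or the advisory: a Python sketch of why a URL passed unescaped into a URI handler's command line can add arguments of its own, with a check that flags such URLs. The command template, the `-extra-option` flag and the `example.test` URLs are constructed assumptions (the page does not give the registered command), and `shlex` only approximates Windows command-line parsing.

```python
import shlex

# Assumed handler command template, constructed for illustration.
# "%1" is the placeholder the caller replaces with the requested URL.
HANDLER_TEMPLATE = '"firefox.exe" -url "%1"'
EXPECTED_ARGC = 3  # program, -url, <the url as one argument>


def expand_handler(url, template=HANDLER_TEMPLATE):
    """Substitute the URL with no escaping, as a careless caller would,
    then split the result into argv (shlex approximates the real parser)."""
    return shlex.split(template.replace("%1", url))


def injects_arguments(url, template=HANDLER_TEMPLATE):
    """Return True if the URL changes the argument structure of the command."""
    try:
        argv = expand_handler(url, template)
    except ValueError:
        # Unbalanced quote: the URL has broken the template's quoting.
        return True
    # Safe only if the URL arrives intact as the single final argument.
    return len(argv) != EXPECTED_ARGC or argv[2] != url


def neutralise(url):
    """One possible mitigation (an assumption, not the vendor fix):
    percent-encode the characters that can end the quoted argument."""
    return url.replace("\\", "%5C").replace('"', "%22")


if __name__ == "__main__":
    samples = [
        "firefoxurl://example.test/page",                    # constructed, benign
        'firefoxurl://example.test/" -extra-option "value',  # constructed, crafted
    ]
    for url in samples:
        print(injects_arguments(url), injects_arguments(neutralise(url)), url)
```
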
 
Has it already been exploited in the wild, or is it more like a "proof of concept" type of deal?
 
They usually spot problems after they happen....
 
Well, either way, I tested it, and it definitely works. lol.

EDIT: Forgot to refresh, and missed your answer. Listing on that site doesn't necessarily mean it's been used in the wild. A lot of their info comes from security research groups, which try to find vulnerabilities before they're exploited.
 