benn11
Jul 11, 2007, 01:20 AM
WARNING
A vulnerability has been discovered in Firefox, which can be exploited by malicious people to compromise a user's system.
The problem is that Firefox registers the "firefoxurl://" URI handler and allows invoking Firefox with arbitrary command line arguments. Using e.g. the "-chrome" parameter it is possible to execute arbitrary Javascript in chrome context. This can be exploited to execute arbitrary commands e.g. when a user visits a malicious web site using Microsoft Internet Explorer.
The vulnerability is confirmed in Firefox version 2.0.0.4 on a fully patched Windows XP SP2. Other versions may also be affected.
Read more >> (www.webware.com)
A vulnerability has been discovered in Firefox, which can be exploited by malicious people to compromise a user's system.
The problem is that Firefox registers the "firefoxurl://" URI handler and allows invoking Firefox with arbitrary command line arguments. Using e.g. the "-chrome" parameter it is possible to execute arbitrary Javascript in chrome context. This can be exploited to execute arbitrary commands e.g. when a user visits a malicious web site using Microsoft Internet Explorer.
The vulnerability is confirmed in Firefox version 2.0.0.4 on a fully patched Windows XP SP2. Other versions may also be affected.
Read more >> (www.webware.com)