Ask Me Help Desk

Ask Me Help Desk (https://www.askmehelpdesk.com/forum.php)
-   Other Security (https://www.askmehelpdesk.com/forumdisplay.php?f=476)
-   -   Warning, Firefox "firefoxurl" URI Handler Registration Vulnerability (https://www.askmehelpdesk.com/showthread.php?t=108805)

  • Jul 11, 2007, 01:20 AM
    benn11
    WARNING, Firefox "firefoxurl" URI Handler Registration Vulnerability
    WARNING

    A vulnerability has been discovered in Firefox, which can be exploited by malicious people to compromise a user's system.

    The problem is that Firefox registers the "firefoxurl://" URI handler and allows invoking Firefox with arbitrary command line arguments. Using e.g. the "-chrome" parameter it is possible to execute arbitrary Javascript in chrome context. This can be exploited to execute arbitrary commands e.g. when a user visits a malicious web site using Microsoft Internet Explorer.

    The vulnerability is confirmed in Firefox version 2.0.0.4 on a fully patched Windows XP SP2. Other versions may also be affected.

    Read more >>
  • Jul 11, 2007, 01:39 AM
    benn11
    To disable Firefox URI handler follow this steps

    Open Windows Explorer and from the Tools menu select "Folder Options" menu. On the dialog that appears select the "File Types" tab.

    Now in the list of registered file types find the one that says:

    "(NONE)" for extension and "Firefox URL" for file type

    Select it and click on delete button to delete it.

    Click on "OK" to close the "Folder Options" dialog.

    • All times are GMT -7. The time now is 10:36 PM.