
Security for All

Sûnnet Beskerming is a company with a focus and a drive to provide Information Security services for all those who want to stay safe and secure in an online world.


Firefox - Remote hacker automatic control

Version: 2.0.0.4 and prior.
Technical Details:

Firefox on Windows fails to properly parse command line parameters passed to it, allowing third-party applications to run arbitrary code within the context of the trusted Chrome setting. Specifically, the registration of the 'FirefoxURL' protocol handler allows other applications to pass commands to Firefox.

A separate issue exists with Firefox's handling of wyciwyg: URIs. It is possible for a local user (or a website) to bypass the protections that prevent access to these cache-related URIs, thus allowing access to potentially sensitive cached content.

Description:

A demonstration of a vulnerability which allows attackers to pass arbitrary content to Firefox for execution in the 'Chrome' context has been released; the demonstration uses a link opened from within Internet Explorer to launch the attack. Another vulnerability has also been identified which allows access to potentially sensitive cache content (on all systems).

Based on the available source code, it is possible for attackers to embed links in their websites such that when they are visited with Internet Explorer, arbitrary code can be run against Firefox on Windows.

Mitigation:

It is possible to deregister the 'FirefoxURL' handler in the Registry by modifying the 'HKEY_CLASSES_ROOT\FirefoxURL' entry (caution is urged when manipulating the Registry).
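The following PowerShell script is an added example, not part of the original advisory, showing one way to carry out the mitigation above: it audits the 'HKEY_CLASSES_ROOT\FirefoxURL' key (whether it carries the 'URL Protocol' marker that makes Windows and Internet Explorer treat it as a URI scheme handler, and which command it launches) and, only when run with -Disable, exports a backup with reg.exe and then renames the key so the scheme is no longer registered. Renaming rather than deleting, the -Disable switch and the backup path are choices made here for reversibility, not steps prescribed by the advisory; the script assumes an elevated PowerShell session on Windows.

```powershell
# Added example (not from the advisory): audit and optionally deregister the
# FirefoxURL protocol handler that the advisory recommends disabling.
# Assumes an elevated PowerShell on Windows. The HKCR: drive is created here
# because PowerShell does not mount HKEY_CLASSES_ROOT by default.
param(
    [switch]$Disable,
    [string]$BackupPath = "$env:TEMP\FirefoxURL-backup.reg"  # constructed default path
)

if (-not (Get-PSDrive -Name HKCR -ErrorAction SilentlyContinue)) {
    New-PSDrive -Name HKCR -PSProvider Registry -Root HKEY_CLASSES_ROOT | Out-Null
}

$handlerKey = 'HKCR:\FirefoxURL'
$commandKey = "$handlerKey\shell\open\command"

if (-not (Test-Path $handlerKey)) {
    Write-Output "FirefoxURL handler is not registered; nothing to do."
    return
}

# 'URL Protocol' is the value that marks a key as a URI scheme handler; without
# it, browsers will not hand FirefoxURL: links to the registered command.
$props = Get-ItemProperty -Path $handlerKey -ErrorAction SilentlyContinue
$isUrlProtocol = $null -ne $props.PSObject.Properties['URL Protocol']
$cmd = (Get-ItemProperty -Path $commandKey -ErrorAction SilentlyContinue).'(default)'

Write-Output "FirefoxURL handler present. 'URL Protocol' marker set: $isUrlProtocol"
Write-Output "Launch command: $cmd"

if (-not $Disable) {
    Write-Output "Re-run with -Disable to back up and deregister the handler."
    return
}

# Export the key first so the change can be reverted with 'reg import'.
& reg.exe export 'HKCR\FirefoxURL' $BackupPath /y | Out-Null
if ($LASTEXITCODE -ne 0) { throw "Backup export failed; aborting without changes." }

# Renaming removes the 'FirefoxURL' scheme registration while keeping the
# original values available for inspection or restore.
Rename-Item -Path $handlerKey -NewName 'FirefoxURL.disabled'
Write-Output "Handler deregistered; backup written to $BackupPath"
```

Run it once without arguments to see whether the handler is present and what it launches; run it again with -Disable to apply the change. Reinstalling or repairing Firefox may re-create the key, so the audit step is worth repeating after updates until a fixed build is available.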

Updates:

Not Yet Available

Source:

http://larholm.com/2007/07/10/internet-explorer-0day-exploit
http://lcamtuf.coredump.cx/ffcache

Exploits:

http://larholm.com/2007/07/10/internet-explorer-0day-exploit
http://lcamtuf.coredump.cx/ffcache

External Tracking Data:

wyciwyg - https://bugzilla.mozilla.org/show_bug.cgi?id=387333
