In association with heise online

27 July 2007, 17:41

New findings on "Firefox hole"

Opinions differ on who is actually responsible for the vulnerabilities resulting from the interaction between Firefox and Internet Explorer 7. US CERT blames Firefox because it does not filter input links before sending them to the URI protocol handlers registered for them. As a workaround, US CERT suggests activating a prompt in Firefox that notifies the user when, for instance, a mailto: URI is invoked and offers the opportunity to cancel. To open the configuration page, enter about:config in the Firefox address bar. The following options:

network.protocol-handler.warn-external-default
network.protocol-handler.warn-external.mailto
network.protocol-handler.warn-external.news
network.protocol-handler.warn-external.nntp
network.protocol-handler.warn-external.snews

must be set to true.

On its web page, the French FrSIRT also reports a bug in Firefox or Mozilla and Netscape. The service likewise blames the problem on the lack of filtering in the Mozilla Foundation browser when transferring URLs.

Having carried out its own analyses, Secunia is alone in believing that the bug lies in Windows. Secunia has also discovered that a prepared URI does not have to contain the character sequence %00; the percentage sign alone is sufficient. Indeed, on a test system in heise Security's labs equipped with Windows XP/SP2 and IE7, a click in Firefox on

mailto:test%../../../../windows/system32/calc.exe".cmd

started the Windows calculator. Consequently, the patch prepared by the Firefox developers will be ineffective because it looks for %00 in the URIs in order to block them.
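
The gap between a filter that only looks for %00 and one that validates every percent escape can be shown in a few lines. This is an added example, not code from Firefox or from the article; the function names are hypothetical, and the strict check is one possible filtering approach, assumed here for illustration.

```javascript
// Added example: a "%00"-only filter beside strict percent-escape validation.
// Function names are hypothetical; this is not Firefox's code.

// Check as the article describes the patch: block only URIs containing "%00".
function blockedByNullByteFilter(uri) {
  return uri.includes("%00");
}

// Stricter check (assumed approach): every "%" must start a valid escape
// (two hex digits), and no escape may decode to a control character.
function isSafeForExternalHandler(uri) {
  for (let i = 0; i < uri.length; i++) {
    if (uri[i] !== "%") continue;
    const hex = uri.slice(i + 1, i + 3);
    if (!/^[0-9A-Fa-f]{2}$/.test(hex)) return false; // lone or truncated "%"
    const code = parseInt(hex, 16);
    if (code < 0x20 || code === 0x7f) return false; // encoded control character
    i += 2;
  }
  // Raw characters that RFC 3986 does not permit in a URI at all.
  return !/[\s"<>\\^`{|}]/.test(uri);
}

const samples = [
  "mailto:user@example.com", // constructed, well-formed
  "mailto:user@example.com?subject=a%20b", // constructed, valid escape
  "mailto:test%00.example", // constructed, contains %00
  'mailto:test%../../../../windows/system32/calc.exe".cmd', // URI quoted in the article
];

// Run both checks over a list of URIs and return the verdicts side by side.
function classify(uris) {
  return uris.map((u) => ({
    uri: u,
    nullByteFilterBlocks: blockedByNullByteFilter(u),
    strictCheckAllows: isSafeForExternalHandler(u),
  }));
}

for (const r of classify(samples)) console.log(r);
```

The URI from the article passes the %00-only filter but is rejected by the strict check, both for the malformed escape and for the raw double quote.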

(mba)

Permalink: http://h-online.com/-733348