URI Hole in Firefox remains open
Billy Rios and Nate McFetters, who discovered the URI hole in the Firefox open-source browser, are now claiming in their blog that the real problem was not remedied with the release of Firefox 18.104.22.168 at the end of July. They say they have found a new way of launching additional applications via file handlers and specially prepared paths even in that version.
On the other hand, the developers of Firefox stated when the current version of the browser was released that the update only provides a workaround so that the company can at least provide protection from the known exploits of %00 or % characters while they work on a real solution. Other than a screenshot, Rios and McFeters have not provided any exact description of the new problem to help the developers, who continue to work on a remedy under pressure. It is not known when a revised version of Firefox will be released.
The URI hole is manifested in the handling of special URLs; if Internet Explorer 7 is installed on Windows XP, attackers can launch any installed program. By means of manipulated links in websites or e-mails, these attacks can also cause damage. The actual cause of the problem is not yet known. Among other things, part of the problem is the confusing way URLs are handled under Windows. Skype, Miranda, and other applications probably also contain this URI hole.
- Firefox File Handling Woes, Billy Rios' blog entry
- New version of Firefox with security fix for URI vulnerability, report by heise Security