Firefox & IE Together Brew Up Security Trouble

That’s the latest update from security researchers who initially laid the blame on Microsoft’s Internet Explorer for the latest zero-day exploit that also can afflict those using the Firefox Web browser. Users could face a “highly critical” risk if they have both IE and Firefox version 2.0, or later, loaded on their computer.

The trouble begins when browsing a malicious site while using IE and it registers a “firefoxurl://” URI (uniform resource identifier) handler, which allows the browser to interact with specific resources on the Web. As a result, users may find their systems remotely compromised. Earlier Tuesday, security researcher Thor Larholm, who discovered the IE flaw, and security research giant Symantec put much of the blame on IE, while Secunia’s Thomas Kristensen, chief technology officer, attributed the problem to Firefox versions 2.0 or later.

“It’s a little bit of both,” said Oliver Friedrichs, director of Symantec’s Security Response Center. “You have two very complex applications that are not playing well together and leading to a security issue. The components themselves are secure as stand-alone products but not together.” “Firefox is the current attack vector, but Internet Explorer is to blame for not escaping…characters when passing on the input to the command line,” said Larholm, in response to a reader’s comments.

“I agree that Firefox could have registered its URL handler with pure DDE (dynamic data exchange, the protocol for information exchange) instead and thereby have avoided the possibility of a command-line argument injection, but IE should still be able to safely launch external applications.” Friedrichs noted that while Firefox, which released version 2 in October, has gained in popularity, most Firefox users will also have IE loaded on their computers, since it comes with the Windows operating system.

Tags: critical_risk, external_applications, Firefox, Internet, security_response_center, Software, symantec, Web, web_browser_users

This entry was posted on Wednesday, July 11th, 2007 at 7:12 am and is filed under Firefox, Internet. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

Related posts

• Trick To Increase Browsing Speed for IE and Firefox (10)
• Top 10 Firefox Extensions To Avoid (2)
• Speed Up Firefox web browser (5)
• Safari 3 Public Beta (0)
• Remove Clutter From Firefox Menus With Menu Editor (0)
• Mozilla Thunderbird 2 Takes Flight (1)
• How to Double Firefox Speed (94)
• How To Clear the Internet Cache in Firefox 2 (0)
• How To Avoid Hacker Attacks On Firefox (4)
• FoxTorrent: Download Torrents From Within Firefox (0)
• Fixing The Firefox Memory Leak (20)
• Fix for mplayer in Firefox under Ubuntu is not working (4)
• Block any website on your computer with Any weblock (0)
• Backup Firefox Bookmarks, Extensions, Settings (0)
• A Little Firefox Media (0)
• 10 Firefox Tricks (3)
• YouTube and MySpace video software to download and convert (2)
• Using Secure Login in Firefox (3)
• Useful Internet Explorer 7 Addons (0)
• Update To Firefox Tightens Security (0)
• Top 5 Gaming Extensions for Firefox (2)
• The secrets of about:config - part6 (7)
• The secrets of about:config - part5 (4)
• The secrets of about:config - part4 (4)
• The secrets of about:config - part3 (6)