Mozilla is working on patching its Firefox browser after a hacker posted details of a flaw that could let criminals run unauthorized software on a victim's machine. The flaw lies in Firefox's URL handler component, which was the source of another bug Mozilla disclosed Tuesday. This second flaw was disclosed Tuesday by Billy Rios and Nathan McFeters, security consultants with Verisign and Ernst & Young respectively.
Like the first flaw, this one could be exploited by attackers to launch programs on the victim's PC without authorization, said Tyler Reguly, a security research engineer at nCircle Network Security. "They're both related to the URL handling process," he said. "It's just different errors within that handling process." Even though the code posted by Rios and McFeters can only be used to launch software that is already installed on a victim's PC, it could be very dangerous if used by criminals, Reguly said. "It's still letting you run any program that exists on the user's computer," he said. "You can make it do some fairly bad things. For example, having it use command-line FTP to download a malicious file off a server somewhere and then execute that file."
News source: InfoWorld

Why so many security holes, being found this last 2 years in browsers...??!!
Well it's humans who code the browsers, and the human isn't perfect..
But now that there are some tools, that can double check code for problems and the attention developers have over security, shouldn't the number of security holes be a lot less??
It's like if I get out of the web for 2 weeks and join again, I almost have the probability of my browser being hacked, because of missing updates..
I think it would.
They would most likely have it aimed at Windows since it's the most widely used OS, but I don't see why they couldn't have one way to run the exploit on each OS. Maybe try something like an OS detection then run the command used for that specific OS. I'm not a coder or anything, but I don't see how that couldn't be done. Websites detect the OS you use all the time.
With this being an issue with both IE and Firefox, and if I was a "hacker", I'd try to use it in a way that it attacks all of the OSes.
Last edited by Cryingcure on 26 Jul 2007 - 18:39
No, it doesn't. The URI handler exploit is basically using Internet Explorer to execute attacks based on other applications installed that uses a URI. That's why it happens on Trillian and Firefox.
Can Microsoft please release a tool to uninstall Internet Explorer entirely? Please? I'll try this www.litepc.com/ieradicator.html at home. Hopefully the process won't kill Windows...
On other news:
http://www.heise-security.co.uk/news/93384
The bickering between Microsoft and the Mozilla Foundation about registered protocol handlers and the resulting security problems continues. A new demo has been published, illustrating how the latest version of Firefox running under Windows XP SP2 can be made to start an application using crafted links. Clicking on a manipulated mailto:, nntp:, snews: or news: link opens the command line and the Windows calculator. In principle, any command can be executed and code can be injected and executed via a website in this way.
However, for the demo to work, Internet Explorer 7 needs to be installed.
Yeah, you know who to blame.
From miffo.swe @ /.
Just about any application can forward malicious data to IE7. Microsoft can blame Firefox all they want but the hole will still exist in IE7 after having been patched by the Mozilla org. I repeat, the hole is accessible from any application connecting to the internet, not just Firefox. IE6 does not have this security issue so it's safe to assume the fault lies with Microsoft. Last time when the roles were the other way around, when Firefox passed malicious things onto IE, Microsoft said the receiving application was at fault because it should check if it could handle what it received. Well, this time that's just how it is, IE7 does not check what it receives at all. In short, IE7 is unsafer in this case than IE6 was and the fault does, according to previous statements from Microsoft, not lie in the sending application (Firefox) but in the receiver (Internet Explorer 7).
However, for the demo to work, Internet Explorer 7 needs to be installed.
...
from d3ac0n @ /.
For example, try this one if you have EVE installed on your PC: (You will have to copy-paste it as the Slashdot filter prevents the links from working.)
snews:%00%00../../../../../../windows/system32/cmd ".exe../../../../../../../../Program Files/CCP/EVE/eve.exe " - " blah.bat
#5 has the link on the Secunia examples (if anyone tries to tell me I'm wrong, read the article, in this part: "Successful exploitation requires that Internet Explorer 7 is installed on the system.").
You are vulnerable if you're using Internet Explorer 7, and this vulnerability has nothing to do with Firefox. So, any software that can have a malformed string can open anything on your computer if you have Windows and Internet Explorer 7. ANY.
edited for the typos..
Last edited by Azmodan on 26 Jul 2007 - 22:05
Huh? Have you READ THE ****ING LINK? #5? Have you tried the code using the RUN command -- and uninstalling Internet Explorer 7, and see that only works when it's installed?
Jesus, XerXis, do humanity a favor and CHECK THE SOURCES before trying to write something on the internet, don't make a ****ING MORON out of yourself.
Check here.
Do not browse untrusted websites or follow untrusted links.
So stop using the Internet then??
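The crafted links discussed in this thread (mailto:, nntp:, snews: and news: URIs carrying %00, quote characters and ../ sequences) can be screened before an application hands them to a registered protocol handler. The following is an added example, not code from Mozilla, Microsoft or any poster here; the function names and the rule set are assumptions chosen for illustration, and the sample URIs in the usage are constructed.

```python
from urllib.parse import unquote

# Schemes named in the heise report quoted in this thread.
EXTERNAL_SCHEMES = {"mailto", "nntp", "news", "snews"}


def fully_decode(text: str, rounds: int = 3) -> str:
    """Percent-decode repeatedly so double encoding (%2500) cannot hide a byte."""
    for _ in range(rounds):
        decoded = unquote(text)
        if decoded == text:
            break
        text = decoded
    return text


def handler_uri_problems(uri: str) -> list[str]:
    """Return the reasons a URI should not reach an external protocol handler."""
    scheme, sep, rest = uri.strip().partition(":")
    if not sep or scheme.lower() not in EXTERNAL_SCHEMES:
        return []  # not dispatched to an external handler in this model
    decoded = fully_decode(rest)
    problems = []
    if any(ord(ch) < 0x20 or ord(ch) == 0x7F for ch in decoded):
        problems.append("control character")  # e.g. a percent-encoded NUL
    if '"' in decoded:
        problems.append("double quote")  # can break out of a quoted argument
    if "../" in decoded.replace("\\", "/"):
        problems.append("path traversal")
    if " " in rest:
        problems.append("unescaped space")  # can split command-line arguments
    return problems


def safe_to_dispatch(uri: str) -> bool:
    """True only when no rule fires; callers should drop or re-escape otherwise."""
    return not handler_uri_problems(uri)


if __name__ == "__main__":
    # Constructed samples, not taken from any real exploit.
    for sample in ("mailto:user@example.com", 'snews:%00%00../../placeholder "x'):
        print(sample, "->", handler_uri_problems(sample) or "ok")
```

A check like this belongs in the sending application; the receiving handler still has to validate what it is given.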