Fri. Nov 15th, 2019


The personal pages

FF vulnerability exploited via IE


A vulnerability in Firefox 2 announced this week could allow remote command execution. Only Windows versions prior to Vista (XP and earlier) are affected.

The problem, according to Secunia, is that Firefox registers the “firefoxurl://” URI handler and allows invoking Firefox with arbitrary command line arguments. Using e.g. the “-chrome” parameter it is possible to execute arbitrary JavaScript in chrome context.

This can be exploited to execute arbitrary commands e.g. when a user visits a malicious web site using Microsoft Internet Explorer. The site shows examples of how to do this.
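From the detection side, the argument-passing problem described above can be checked for in links pulled from proxy logs or page source. The following Python check is an added example, not code from the original post, Secunia or Mozilla; the function names, reason strings and sample URIs are constructed for illustration.

```python
import re
from urllib.parse import unquote

SCHEME = "firefoxurl"  # URI scheme named in the advisory text above
# A dash-prefixed word at the start or after whitespace/quote, e.g. " -chrome".
OPTION = re.compile(r'(?:^|[\s"\x27])-{1,2}[A-Za-z]')


def inspect_uri(uri):
    """Return the reasons a firefoxurl: link looks like argument injection."""
    scheme, sep, rest = uri.strip().partition(":")
    if not sep or scheme.lower() != SCHEME:
        return []  # other schemes are out of scope for this check
    # Decode a few rounds so double encoding (%2520) cannot hide a space.
    decoded = rest
    for _ in range(3):
        step = unquote(decoded)
        if step == decoded:
            break
        decoded = step
    reasons = []
    if '"' in decoded or "'" in decoded:
        reasons.append("quote character")
    if re.search(r"\s", decoded):
        reasons.append("whitespace")
    if OPTION.search(decoded):
        reasons.append("option-like token")
    return reasons


def flag_uris(uris):
    """Map each suspicious URI to its reasons; clean URIs are omitted."""
    return {u: r for u in uris if (r := inspect_uri(u))}


# Constructed sample links, e.g. as pulled from proxy logs or page source.
SAMPLES = [
    "firefoxurl://www.example.test/my-page",
    "https://www.example.test/ -chrome",
    "firefoxurl://www.example.test/%20-chrome%20PLACEHOLDER",
    "FirefoxURL://www.example.test/%2520-chrome%2520PLACEHOLDER",
]

if __name__ == "__main__":
    for uri, reasons in flag_uris(SAMPLES).items():
        print(uri, "->", ", ".join(reasons))
```

A hyphen inside a normal path segment such as `my-page` is not flagged, because the option pattern only matches a dash that starts the string or follows whitespace or a quote.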

The vulnerability was first made known by Thor Larholm. However, he believes the problem is related to Internet Explorer as it doesn’t escape the sign when passing data through to the command line.


Do not browse untrusted sites and disable the “Firefox URL” URI handler OR install the Firefox extension NoScript.
