Internet Explorer used to trigger Firefox exploit

July 12, 2007 at 5:31 pm

A vulnerability in Firefox can be exploited by presenting Internet Explorer with a particular type of malicious link.

Reported by Secunia, the issue revolves around the firefoxurl:// URI handler that instructs the system to open the specified URL in Firefox. This handler is added to the system alongside Firefox.

Unfortunately, Firefox does not validate the link it is passed, and it will execute JavaScript. Internet Explorer doesn’t check a link before passing it to a handler either, so this has the potential to allow remote system access.
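The Python example below is added here and is not code from Firefox, Internet Explorer or Secunia. It shows the kind of check a handler can apply to a firefoxurl: link before opening it. The link layout (target URL directly after the prefix), the allowed schemes and the refused characters are assumptions, and the sample links are constructed.

```python
from urllib.parse import urlsplit, unquote

HANDLER_PREFIX = "firefoxurl:"        # scheme named in the article
ALLOWED_SCHEMES = {"http", "https"}   # assumption: only web URLs are forwarded
FORBIDDEN = set("\"'`<>\\ ")          # assumption: characters refused outright


def checked_target(raw: str) -> str:
    """Return the URL to open, or raise ValueError if the link fails a check."""
    if not raw.lower().startswith(HANDLER_PREFIX):
        raise ValueError("not a firefoxurl link")
    target = raw[len(HANDLER_PREFIX):]
    if target.startswith("//"):
        target = target[2:]
    # Inspect the literal and the percent-decoded form, so an encoded
    # character is judged the same way as a literal one.
    for form in (target, unquote(target)):
        if any(c in FORBIDDEN or ord(c) < 0x20 or ord(c) == 0x7F for c in form):
            raise ValueError("forbidden character in link")
    parts = urlsplit(target)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        raise ValueError(f"scheme {parts.scheme!r} not allowed")
    if not parts.hostname:
        raise ValueError("no host in link")
    return parts.geturl()


def triage(links):
    """Map each link to ('open', url) or ('refuse', reason)."""
    results = {}
    for link in links:
        try:
            results[link] = ("open", checked_target(link))
        except ValueError as exc:
            results[link] = ("refuse", str(exc))
    return results


# Constructed sample links, not taken from the advisory.
SAMPLES = [
    "firefoxurl://https://example.com/page?x=1",
    "firefoxurl:javascript:alert(1)",
    "FIREFOXURL://http://example.com/%22%20extra",
    "firefoxurl://example.com",
]

if __name__ == "__main__":
    for link, verdict in triage(SAMPLES).items():
        print(f"{verdict[0]:6} {link}  ({verdict[1]})")
```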

