Just in from CNet:
A “highly critical” security flaw has been discovered in Firefox, which could allow a malicious attacker to gain remove control of a user’s system, according to an advisory issued by Secunia.
The security flaw is found in Firefox 2.0 and later versions, due to the way it registers the “firefoxurl://” URI handler.
“A new URI handler was registered on Windows systems to allow Websites to force launching Firefox if the “firefoxurl://” URI was called, like ftp://, http://, or similar would call other applications,” explained Thomas Kristensen, Secunia chief technology officer.
But because of the way the URI handler was registered by Firefox, it causes any parameter to be passed from Microsoft’s Internet Explorer, or another application, to Firefox, when firefoxurl:// is activated.
Kristensen said the security flaw actually rests with Firefox’s URI handler, despite other security sites that attribute the security flaw to IE, such as researcher Thor Larholm, who discovered the flaw, and Symantec.
The use of the “chrome” context, or parameter, it’s possible for malicious attackers to inject code on a user’s system that would be executed within Firefox, Kristensen said.
Secunia:
Description:
A vulnerability has been discovered in Firefox, which can be exploited by malicious people to compromise a user’s system.
The problem is that Firefox registers the “firefoxurl://” URI handler and allows invoking firefox with arbitrary command line arguments. Using e.g. the “-chrome” parameter it is possible to execute arbitrary Javascript in chrome context. This can be exploited to execute arbitrary commands e.g. when a user visits a malicious web site using Microsoft Internet Explorer.
The vulnerability is confirmed in Firefox version 2.0.0.4 on a fully patched Windows XP SP2. Other versions may also be affected.
Solution:
Do not browse untrusted sites.
[tags]Firefox Vulnerability, Critical Firefox Flaw, firefoxurl, [/tags]
