Tuesday, July 10, 2007

Firefox and IE together brew up security trouble | Tech news blog - CNET News.com

To update Jack's post below, apparently both Firefox AND IE have issues.

UPDATE: Blame them both.

That's the latest update from security researchers who initially laid the blame on Microsoft's Internet Explorer for the latest zero-day exploit that also can afflict those using the Firefox Web browser.

Users could face a "highly critical" risk if they have both IE and Firefox version 2.0, or later, loaded on their computer. The trouble begins when browsing a malicious site while using IE and it registers a "firefoxurl://" URI (uniform resource identifier) handler, which allows the browser to interact with specific resources on the Web. As a result, users may find their systems remotely compromised.


"Firefox is the current attack vector, but Internet Explorer is to blame for not escaping...characters when passing on the input to the command line," said Larholm, in response to a reader's comments. "I agree that Firefox could have registered its URL handler with pure DDE (dynamic data exchange, the protocol for information exchange) instead and thereby have avoided the possibility of a command-line argument injection, but IE should still be able to safely launch external applications."

Firefox and IE together brew up security trouble | Tech news blog - CNET News.com

Some of my normal buttons are missing (dang link button won't work, or I'd post to Jack's post, yeah that's how its supposed to be done, check to see if its been posted before posting.:P) while I create this, but the link above has all the info.

1 comment:

  1. The problem is not so much with FireFox, But Microsoft's OS allowing anything and everything to happen.If MS would totally abandon the core code That been in use since 1980's and switch to either UNIX like Apple did on the Mac OS, or even Linux. The Virus and Malware would be shut down immediately. Either , Mac. UNIX, or Linux when something ask you to execute a file it ask your permission. Making you the user totally responsible for screwing up your computer.


All comments are moderated.

Note: Only a member of this blog may post a comment.