
SANS ISC: InfoSec Handlers Diary Blog - IE vs. FF



IE vs. FF

Published: 2007-07-10
Last Updated: 2007-07-11 11:16:33 UTC
by Swa Frantzen (Version: 3)

No, I'm not restarting the browser wars. They have been fought and lost.

Let's look at a recently published exploit though:

When Firefox installs on Windows, it registers itself as a URL handler several times. In pseudo code, the handler that is added looks like:

FIREFOX.EXE -option "%1" -option

Now what happens if %1 contains a double quote?
Right, the attacker can add more options.

So where does IE come into play against Firefox?
IE happily calls the URL handler and, in doing so, provides a path to add additional options that lead to increased scripting rights inside Firefox.

As a result the IE user on a machine that has Firefox installed is at risk.
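The quoting problem described above, as an added example that is not part of the original diary: it substitutes a URL into the pseudo-code handler template and shows when the value stops being a single argument. The `-extra` option, the `scheme://` URLs and the percent-encoding step are constructed assumptions for illustration, and Python's `shlex` stands in for the Windows command-line parser.

```python
import shlex
from urllib.parse import quote

# Handler template in the diary's pseudo-code form; "-option" is a placeholder.
TEMPLATE = 'FIREFOX.EXE -option "%1" -option'

def launch_argv(template, url):
    """Substitute the URL for %1 the way the calling application does, then
    split the command line. shlex approximates the Windows parser: both treat
    an unescaped double quote as the end of the quoted argument."""
    return shlex.split(template.replace("%1", url))

def escapes_quoting(template, url):
    """Return True when the URL does not arrive as exactly one argument."""
    benign = launch_argv(template, "x")
    slot = benign.index("x")
    try:
        actual = launch_argv(template, url)
    except ValueError:
        # Unbalanced quote: the command line is already malformed.
        return True
    return len(actual) != len(benign) or actual[slot] != url

def encode_for_handler(url):
    """Caller-side hardening (an assumption of this example): percent-encode
    everything outside the URL-safe set, including '"', space and backslash,
    before the value is placed on a command line."""
    return quote(url, safe=":/?#[]@!$&()*+,;=%")

if __name__ == "__main__":
    samples = [
        "scheme://host/path",             # constructed, well-formed
        'scheme://host/" -extra "value',  # constructed, contains double quotes
    ]
    for url in samples:
        print(repr(url), "-> breaks out of quotes:", escapes_quoting(TEMPLATE, url))
        safe = encode_for_handler(url)
        print("  encoded argv:", launch_argv(TEMPLATE, safe))
```
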

A workaround is to remove the URL handlers installed by Firefox from the registry.

This however goes to show that even unused but installed client programs might be a threat on your client system. Hence you need to take care of vulnerabilities in software that you don't even use.

Updates:

  • A reader pointed us to Jesper's blog, which has a set of commands to remove the URL handlers.
  • Giorgio Maone explained how NoScript, which we have recommended numerous times already, has protected against this since May 22nd 2007. Thanks a lot for the clarifications!

--
Swa Frantzen -- NET2S
