Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: IE vs. FF - SANS Internet Storm Center SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
IE vs. FF

No, I'm not restarting the browser wars. They have been fought and lost.

Let's look at a recently published exploit though:

When Firefox installs on windows, it installs itself as a URL handler. In pseudo code the handler that is added looks like:

FIREFOX.EXE -option "%1"  -option

Now what happens if  %1 contains a double quote?
Right, the attacker gets acces to the command line.

So where does IE come into play against Firefox ?
Firefox seems to prevent access to the command line, but IE happily calls the URL handler and as such provides a path to the command line via the handler installed by Firefox.

As a result the IE user on a machine that has Firefox installed is at risk.

A workaround is to remove the URL handlers installed by Firefox from the registry. I'm sure the developers of Firefox can undo the damage done to systems in a next patch.

This however goes to show that even unused but installed client programs might be a threat on your client system. Hence you need to take care of vulnerabilties in software that you don't even use.

--
Swa Frantzen -- NET2S

Swa

760 Posts

Sign Up for Free or Log In to start participating in the conversation!