Internet Explorer 0day Exploit Requires Firefox. Huh?

There is a new zero-day exploit for Internet Explorer circulating, but it only works on a system where Firefox has previously been installed.

The exploit code demonstrates the vulnerability using the Mozilla Firefox firefoxurl:// URL protocol. To trigger this vulnerability, an attacker must persuade a user who has previously installed Firefox or currently has it installed to access a specially crafted web page with Internet Explorer.

At this writing, there are no easy workarounds other than to avoid untrusted web sites.

[Firefox "firefoxurl" URI Handler Registration Vulnerability]

2 Comments

Michael B. Johnson

July 13th, 2007
at 10:24am

Pretty neat trick!

[...] The flaw needed a certain degree of user-interaction (lockergnome) to be activated and the folks at Mozilla have patched the issue in their 2.0.0.5 browser release. What’s deeply intriguing about the flaw is how it uses the interface among the applications (in this case IE and Mozilla) to launch an attack. The flaw sparked a lot of sparring between executives of Mozilla and Microsoft (TechWorld), each blaming the other’s API call for the flaw. Software makers can ensure a lot of security around their internal code but when it comes to APIs they expose to third party software, the usage is in the hands of the third party and may present vulnerable end-points. [...]
