Topic: XP SP2 & IE7 & Firefox issue.  (Read 646 times)

Offline Nemesis

« on: July 26, 2007, 06:00:18 pm »
Link to full article

The bickering between Microsoft and the Mozilla Foundation about registered protocol handlers and the resulting security problems continues. A new demo has been published, illustrating how the latest version of Firefox running under Windows XP SP2 can be made to start an application using crafted links. Clicking on a manipulated mailto:, nntp:, snews: or news: link opens the command line and the Windows calculator. In principle, any command can be executed and code can be injected and executed via a website in this way.

However, for the demo to work, Internet Explorer 7 needs to be installed. If only Internet Explorer version 6 is installed, only the standard mail client Outlook Express opens. It is not entirely clear what role is being played by Internet Explorer 7 here. Installing IE 7 clearly changes the way Windows processes URIs. This is clearly illustrated by what happens if you pass the "bad" link directly to the Windows shell via the "Run" option in the Start menu. With IE6 installed, Outlook Express is launched, with IE7, cmd.exe and the calculator.

According to the Bugzilla entry for this problem, one reason for the new vulnerability is that Windows XP interprets the string %00 incorrectly. As a result, instead of the URL protocol handler, the FileType handler is called with the complete URL, via which it is then possible to call further programs with arbitrary arguments. To defuse the problem, the Firefox developers want to prevent the opening of links containing null bytes (%00). A patch implementing this has already been introduced into the development version. Until a new official version of Firefox is released, there is no viable workaround yet.

Do unto others as Frey has done unto you.
Seti Team    Free Software
I believe truth and principle do matter. If you have to sacrifice them to get the results you want, then the results aren't worth it.
 FoaS_XC : "Take great pains to distinguish a criticism vs. an attack. A person reading a post should never be able to confuse the two."
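
The article says the Firefox developers intend to refuse links containing null bytes (%00) before they reach an external handler. A sketch of such a check, as an added example that is not part of the original post and not Mozilla's actual patch; the function names, the decoding-layer bound and the sample links are assumptions, and the scheme list is the one the article names.

```javascript
// Added example: hypothetical pre-handoff check, not Firefox source code.
// Schemes the article lists as reaching external Windows protocol handlers.
const EXTERNAL_SCHEMES = new Set(["mailto", "nntp", "snews", "news"]);
const MAX_LAYERS = 3; // assumed bound on nested percent-encoding

// Byte-wise percent-decoding; unlike decodeURIComponent it never throws
// on malformed UTF-8, so hostile input cannot abort the check.
function percentDecodeOnce(s) {
  return s.replace(/%([0-9a-f]{2})/gi, (_, hex) =>
    String.fromCharCode(parseInt(hex, 16)));
}

// Returns null when this check has no objection, otherwise a reason string.
function blockReason(uri) {
  const m = /^([a-z][a-z0-9+.-]*):/i.exec(uri);
  if (!m) return "no-scheme";
  // Only links that would be passed to an external handler are in scope.
  if (!EXTERNAL_SCHEMES.has(m[1].toLowerCase())) return null;
  let cur = uri;
  for (let layer = 0; layer <= MAX_LAYERS; layer++) {
    // A NUL at layer 0 is literal; at deeper layers it was percent-encoded.
    if (cur.includes("\u0000")) return layer === 0 ? "raw-nul" : "encoded-nul";
    const next = percentDecodeOnce(cur);
    if (next === cur) return null; // fully decoded and no NUL found
    cur = next;
  }
  return "too-many-encoding-layers"; // still decoding after the bound: fail closed
}

// Constructed sample links with harmless placeholder content.
const SAMPLES = [
  "mailto:user@example.com",
  "mailto:a%00b",
  "news:a%2500b",
  "MAILTO:x\u0000y",
  "mailto:100%25",
];

function classifySamples() {
  return SAMPLES.map((u) => [JSON.stringify(u), blockReason(u)]);
}

for (const [link, reason] of classifySamples()) {
  console.log(link, "=>", reason === null ? "allow" : "block: " + reason);
}
```

Decoding repeatedly matters because a link that carries `%2500` contains no `%00` on first inspection but yields one after a single decoding pass.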