Tuesday, July 10, 2007 4:29 PM
cmosby
SANS Internet Storm Center - IE vs. FF
IE vs. FF
Published: 2007-07-10,
Last Updated: 2007-07-10 20:25:46 UTC
by Swa Frantzen (Version: 1)
No, I'm not restarting the browser wars. They have been fought and lost.
Let's look at a recently published exploit though:
When Firefox installs on windows, it installs itself as a URL handler. In pseudo code the handler that is added looks like:
"FIREFOX.EXE -option "%1" -option"
Now what happens if %1 contains a double quote?
Right, the attacker gets acces to the command line.
So where does IE come into play against Firefox ?
Firefox seems to prevent access to the command line, but IE happily calls the URL handler and as such provides a path to the command line via the handler installed by Firefox.
As a result the IE user on a machine that has Firefox installed is at risk.
A workaround is to remove the URL handlers installed by Firefox from the registry. I'm sure the developers of Firefox can undo the damage done to systems in a next patch.
This however goes to show that even unused but installed client programs might be a threat on your client system. Hence you need to take care of vulnerabilties in software that you don't even use.
--
Swa Frantzen -- NET2S
Source: SANS Internet Storm Center; Cooperative Network Security Community - Internet Security - isc
Filed under: Security and Anti-Virus, Browser Wars, Internet Explorer, Firefox