The Mozilla Foundation is dealing with <A HREF="http://www.eweek.com/article2/0,1895,2163016,00.asp?kc=EWKNLNAV072707STR2">yet another URL-handling issue</A>--and this time, researchers have posted a non-malicious proof of concept that shows how the flaw can be used for remote command execution on machines running Mozilla's Firefox browser.
Mozilla's URL-handling hassles began earlier in July, when security researcher Thor Larholm found a zero-day vulnerability that can lead to systems getting hijacked. Larholm called it an IE zero-day at the time, blaming the vulnerability on an input validation flaw in Internet Explorer that allows users to specify arbitrary arguments to the process responsible for handling URL protocols. It's the same type of input validation vulnerability that Larholm discovered in the Safari 3 beta, he said at the time.
Recent Articles
-
Why a server-based anti-spam solution might be a good idea
-
Hosted email security with GFI MailEssentials Complete Online
-
Send your holiday emails from Outlook while keeping that personal touch
-
Welcome to the ZATZ Studio
-
Video: SmartSchedules can overcome some of Outlook’s limitations
-
Open question: what would you like to see us cover?
-
How the Epsilon breach might cause real security problems
-
Status report: migrating ZENPRESS to a new platform
From Our Sponsor
