Internet Explorer security flaw affects Firefox

Jul 17

I was perusing Information Week as I often visit them due to the wealth of topics when I came across this. If you have both Internet Explorer and Mozilla Firefox on your computer, you could be at risk for a URL flaw caused by Internet Explorer passing malicious scripting code to Firefox.

According to the Mozilla Security Blog dated July 10, 2007 if a user visits a site that sends Internet Explorer (IE) a malicious script, it can then pass that script to Firefox and allow execution of the code. To quote a brief excerpt from the Mozilla Security Blog:

The vulnerability is exposed when a user browses to a malicious web page in Internet Explorer and clicks on a specially crafted link. That link causes Internet Explorer to invoke another Windows program via the command line and then pass that program the URL from the malicious webpage without escaping the quotes. This can cause data to be passed accidentally from the malicious web page to the second Windows program. In the specific attack described in the report, Internet Explorer sends URL data to Firefox. If the data is crafted a certain way it will allow remote code execution in Firefox.

Mozilla Security personnel are stating that this does not affect people who use Firefox as their primary browser. Both Microsoft and Mozilla are apparently arguing about whose fault it is, but Mozilla is taking the lead in fixing the issue in their browser, which should be repaired in the 2.0.0.5 version of Firefox. Just another reason to keep your browser and operating systems up to date!


Read the Information Week article and also see the full Mozilla Security blog article for more information.

No comments

Trackbacks/Pingbacks

  1. Another Internet Explorer Security Flaw Exposes Passwords | ejcross.com - [...] I wrote about a previous Internet Explorer security flaw that was revealed in 2007, but this newest Internet …