« Hackers Can Now Deliver Viruses via Web Ads | Main | Mozilla Protocol Abuse »

Mozilla confirms own URL handling bug

"The Mozilla Foundation acknowledged over the weekend that its own Firefox browser allows links that can send malicious code to external programs, a security issue that the group had previously argued should be fixed by the browser maker.

In early July, three researchers found a way to execute code in Firefox - and potentially other Windows programs - by passing it a malicious uniform resource identifier (URI) from Internet Explorer.

The discovery lit off a firestorm of finger pointing: The Mozilla Foundation argued that IE should validate the URI before passing it along to another program, while Microsoft stated that input validation is the responsibility of the receiving program."

Article Link: http://www.theregister.co.uk/2007/07/25/firefox_url_bug/


Feed You can follow this conversation by subscribing to the comment feed for this post.

All Comments are Moderated and will be delayed!