Firefox URI Browser Flaw Spreads its Tentacles
The Firefox URI (Uniform Resource Identifier) browser vulnerability, which, when exploited, allows a hacker to seize a computer via Internet Explorer on a system that has Firefox installed, is getting worse and is affecting other applications too, report security researchers Billy Rios, Nate McFeters and Raghav Dube. The researchers are working on code to exploit a similar weak point in Trillian.
The vulnerability is exposed when a user visits a malware-laden Web page in IE and clicks a malicious link. The link prompts IE to launch another Windows application as instructed and to pass that program the URL of the infected Web page without escaping the quotes. The programs that can be launched this way are Thunderbird and Firefox, both of which support a 'chrome' feature that can be used to run malicious code, said Advisory 2007-23. InformationWeek published this on July 18, 2007.
The researchers believe that while the attack is successful only on AIM clients, similar attacks could target any program that allows access to URIs. They recommend that developers disable any extra URI functions in their software.
Independent security researcher Thor Larholm attributes the problem to an input validation vulnerability. InformationWeek reported this on July 18, 2007. When Firefox is installed on a computer system, the browser registers a URL protocol handler. When IE comes across a reference to content in the Firefoxurl URL scheme, it calls ShellExecute with the EXE image path and passes along the request URL without any input validation.
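The quoting problem described above, shown as an added example (not code from the article, the researchers or Mozilla): a handler command template that substitutes the request URL as-is, next to one that percent-encodes it first. The template path, the `exampleurl:` scheme, the `-injected-option` placeholder and the simplified argument splitter are assumptions made for illustration.

```python
from urllib.parse import quote

# Hypothetical handler registration; "%1" is replaced with the request URL.
TEMPLATE = r'"C:\Program Files\ExampleApp\app.exe" -url "%1"'

def split_args(cmdline):
    """Simplified model of command-line tokenizing: whitespace separates
    arguments and double quotes group text (no backslash rules)."""
    args, cur, in_quotes, started = [], "", False, False
    for ch in cmdline:
        if ch == '"':
            in_quotes = not in_quotes
            started = True
        elif ch.isspace() and not in_quotes:
            if started:
                args.append(cur)
            cur, started = "", False
        else:
            cur += ch
            started = True
    if started:
        args.append(cur)
    return args

def build_unvalidated(url):
    """The behaviour the article describes: the URL is substituted as-is."""
    return TEMPLATE.replace("%1", url)

def build_validated(url):
    """Percent-encode quotes, spaces and control characters first, so the
    URL cannot close the quoted argument it is placed in."""
    safe = quote(url, safe=":/?#[]@!$&'()*+,;=%-._~")
    return TEMPLATE.replace("%1", safe)

def extra_args(cmdline):
    """Arguments beyond the three the template defines (exe, -url, URL)."""
    return split_args(cmdline)[3:]

# Constructed sample URL; "-injected-option" is a harmless placeholder.
SAMPLE = 'exampleurl:page" -injected-option "value'

if __name__ == "__main__":
    print("unvalidated:", split_args(build_unvalidated(SAMPLE)))
    print("validated:  ", split_args(build_validated(SAMPLE)))
```

A handler application can apply the same check on its own side by rejecting any launch where the received argument list is longer than its registered template allows.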
When Mozilla released Firefox 220.127.116.11, it also issued a number of patches for flaws triggered by malicious Web pages of this kind. Some "highly critical" security flaws also emerged that have been afflicting both Firefox and IE.
Firefox 18.104.22.168 also fixes a flaw that disables the browser through memory corruption, and another security hole that allows unauthorized access to wyciwyg:// documents. Two more patches address holes: one that escalates privileges and another that causes file type confusion.
The Trillian vulnerability, like the Firefox flaw, also uses a URI as the attack point, through which the browser can launch an external program on the target system, much as a URL is used to connect to a website.
» SPAMfighter News - 31-07-2007