Comments on: Firefox fixes Internet Explorer flaw

By: B?ad w Firefox, nieprawid?owe filtrowanie wyra?e? w linkach. | tPython

B?ad w Firefox, nieprawid?owe filtrowanie wyra?e? w linkach. | tPython — Thu, 26 Jul 2007 13:56:45 +0000

[...] Foundation poprawi?a b??d wraz z wersj? 2.0.0.5, problem po stronie IE zosta? po raz kolejny zignorowany (wprawdzie w tym przypadku jest to cz??ciowo zrozumia?e, gdy? przecie? istnieje mo?liwo??, [...]

By: Attack of the URL Vulnerabilities | GNUCITIZEN

Attack of the URL Vulnerabilities | GNUCITIZEN — Wed, 25 Jul 2007 09:53:07 +0000

[...] related to the infamous bugs that has been recently discussed on multiple blogs including GC (us), Thor Larholm’s blog, Mozilla’s Security Blog, the 0×000000 hack zine and Billy (BK) Rios‘ [...]

By: Larholm.com - Me, myself and I » SeaMonkey suite affected by URL vulnerability

Mon, 23 Jul 2007 15:12:34 +0000

[...] Firefox fixes Internet Explorer flaw [...]

By: Thor Larholm

Thor Larholm — Fri, 20 Jul 2007 18:34:25 +0000

Biju, SeaMonkey should be affected as well as it registers a similar URL protocol handler, called SeaMonkeyURL. The definition can be found at http://lxr.mozilla.org/seamonkey/source/suite/installer/windows/nsis/shared.nsh#157

The fix in Firefox 2.0.0.5 prevents any kind of additional arguments from being parsed if Firefox is launched as a URL protocol handler. Other applications can still be called with arbitrary arguments.

Regards
Thor Larholm

By: Symantec gives its ThreatCon a makeover — Security Bytes

Symantec gives its ThreatCon a makeover — Security Bytes — Fri, 20 Jul 2007 09:33:59 +0000

[...] Thor Larholm, one of the researchers who brought this problem to light, says in his Larhom.com blog that the Firefox update isn’t the end of the [...]

By: Biju

Biju — Fri, 20 Jul 2007 04:19:44 +0000

Thor,

1. I dont see SeaMonkey and other moz products mentioned, whether they are also affected?

2. your example show attack vector with javascript:, whether current firefox fix also stops chrome://, file://, jar://, resource:// being called?

3. what about target apps that registers scp:// ftp:// ssh:// protocals, ie apps like PuTTY, WinSCP, FileZilla, as well as P2P apps. any report them being tested for similar possible attack.

Thanks…

By: Harry Johnston

Harry Johnston — Fri, 20 Jul 2007 00:14:17 +0000

I can’t claim to be an expert on ActiveX; I was basing my (apparently erroneous) assumption on the number of vulnerability notices I’ve read over the years that seemed to boil down to an ActiveX component being inappropriately exposed to web sites. (For one thing, there was hardly a cumulative IE update that didn’t set the kill bit for at least one control!)

I’ll accept that my statement was technically incorrect; however, it still seems that it is too easy (in practice) for software to expose an ActiveX control to the web without meaning to?

By: foxiewire.com

foxiewire.com — Thu, 19 Jul 2007 19:55:47 +0000

Larholm.com - Me, myself and I » Firefox fixes Internet Explorer flaw…

Mozilla has just released Firefox 2.0.0.5 which purportedly fixes one of the attack vectors of the Internet Explorer input validation flaw that I previously detailed. I will go on the record as stating that this does not actually fix the flaw in Intern…

By: Thor Larholm

Thor Larholm — Thu, 19 Jul 2007 10:05:57 +0000

Kimblim, I mean both

Regards
Thor Larholm

By: kimblim

kimblim — Thu, 19 Jul 2007 09:40:41 +0000

Thor,
When you say Internet Explorer, do you mean IE6 or IE7? Or do you mean both?