'Highly Critical' Flaw in Firefox 2.0

**Hairbautt** · 07-10-2007, 06:22 PM

A new security flaw, rated as "highly critical", has been discovered in Firefox 2.0+ by the security firm, Secunia.

The security hole involves a 'special' Uniform Resource Identifier (URI) handler where, according to Secunia, "Firefox registers the "firefoxurl://" URI handler and allows invoking Firefox with arbitrary command line arguments."

Thor Larholm--a computer security expert and a Senior Security Researcher for PivX Solutions, LLC--originally thought Internet Explorer was the culprit, but according to Secunia, "a malicious site visited in Internet Explorer could pass parameters using that URI handler that would be run automatically in Firefox, without any sort of validation."

They recommend that you do not visit any untrusted sites until the problem is resolved.

Source: BetaNews

Related: Neowin.Net

July 17, 2007

Neowin.Net: Cross-browser Firefox/IE flaw worsens

**4play** · 07-10-2007, 07:09 PM

click me bottom of the page is the test for this vuln click it then tick the box marked remember what i do etc.... and then press cancel. should now be safe.

**Demigod** · 07-10-2007, 08:27 PM

I'm tired of people thinking that if they browse with Firefox, they are automatically invincible to all the viruses and worms that crawl the internet.

Statistically speaking, Opera is the best choice (in terms of speed and security) for Windows-users.

Look here:

http://mywebpages.comcast.net/Suppor...efoxMyths.html

**Hairbautt** · 07-10-2007, 08:37 PM

I think Safari claims to be the fastest...and "the world's best browser."

http://www.apple.com/downloads/ (Check right side)

**4play** · 07-10-2007, 09:25 PM

yep safari must be the most secure since the first day the windows version is released and flaws were found and 4 of the 6 current flaws are unpatched

opera has a decent enough track record but if you really want security go with lynx there has only ever been 2 exploits found and they have both been patched.

edit: this story gets better turns out the exploit is also internet explorer related. internet explorer does not perform validation on the input before being passed along to firefox. firefox on its own will throw up warning if you click a nasty link.

**myminpins** · 07-12-2007, 11:05 AM

I love my Opera... don't really know why ANYONE uses IE any more... lol

Excellent read!!!!!

**lynx** · 07-12-2007, 11:25 AM

The reasons why fewer security holes have been found in Opera, Safari and Lynx (copyright theft?) is because there aren't as many people looking. It doesn't mean that the holes aren't there. The same argument used to be trotted about Firefox.

The link is still caught in an IE tab within Firefox (but beware, even if you select cancel, IE still launches the app

).

In reality, this only a security hole if you have Firefox installed but continue to use IE. Why anyone would want to do that is beyond me.

**Cheese** · 07-12-2007, 12:16 PM

Originally Posted by lynx

In reality, this only a security hole if you have Firefox installed but continue to use IE. Why anyone would want to do that is beyond me.

Sadly I have to at work as one website I have to use in my job does not work on Firefox (it barely works in IE).

**ulun64** · 07-12-2007, 01:21 PM

Originally Posted by Hairbautt

I think Safari claims to be the fastest...and "the world's best browser."

http://www.apple.com/downloads/ (Check right side)

Safari is the best browser in MacOSX but not in windows. It's system hogger in windows.

Originally Posted by lynx

The reasons why fewer security holes have been found in Opera, Safari and Lynx (copyright theft?) is because there aren't as many people looking. It doesn't mean that the holes aren't there. The same argument used to be trotted about Firefox.

The link is still caught in an IE tab within Firefox (but beware, even if you select cancel, IE still launches the app

).

In reality, this only a security hole if you have Firefox installed but continue to use IE. Why anyone would want to do that is beyond me.

Opera also have security holes but Opera fixed 100% of all it's security bug problem. Making it's the most secure browsers in Windows atm.

http://operawatch.com/news/2007/01/w...lly-fixed.html

I'm using Opera most of time. Sometime I used IE cos certain website don't like Opera. I used Firefox before but it's too slow so I abandon it.

**lynx** · 07-13-2007, 11:14 AM

Originally Posted by ulun64

Opera also have security holes but Opera fixed 100% of all it's security bug problem. Making it's the most secure browsers in Windows atm.

No, you still haven't got it.

Just because there are few people looking for security holes does not mean they don't exist. All the creators of browsers fix the security holes when they are found (eventually), that doesn't make any particular browser more secure than any other.

On the downside, if there are few people looking for security holes then any security holes that exist are more likely to go undiscovered. That makes such browsers potentially the least secure.

I'm not saying that Opera is any better or worse than other browsers, merely pointing out that your assumption does not have a valid basis.

Thread: 'Highly Critical' Flaw in Firefox 2.0

Thread Tools

Bookmarks

Bookmarks

Posting Permissions