A new security flaw, rated as "highly critical", has been discovered in Firefox 2.0+ by the security firm, Secunia.
The security hole involves a 'special' Uniform Resource Identifier (URI) handler where, according to Secunia, "Firefox registers the "firefoxurl://" URI handler and allows invoking Firefox with arbitrary command line arguments."
Thor Larholm--a computer security expert and a Senior Security Researcher for PivX Solutions, LLC--originally thought Internet Explorer was the culprit, but according to Secunia, "a malicious site visited in Internet Explorer could pass parameters using that URI handler that would be run automatically in Firefox, without any sort of validation."
They recommend that you do not visit any untrusted sites until the problem is resolved.
Source: BetaNews
Related: Neowin.Net
July 17, 2007
Neowin.Net: Cross-browser Firefox/IE flaw worsens
Bookmarks