This vulnerability affects also Portable Firefox?
Mozilla Firefox "FirefoxURL" URI Handler Registration Code Execution Vulnerability
http://www.frsirt.com/english/advisories/2007/2473
You are here
"FirefoxURL" Vulnerability affects Portable Firefox?
July 11, 2007 - 9:34am
#1
"FirefoxURL" Vulnerability affects Portable Firefox?
July 11, 2007 - 10:33am
#2
Of course
Firefox Portable is Firefox, so it is vulnerable to the same bugs. An upcoming release fixes this.
July 11, 2007 - 11:37am
#3
Why
John,
I was asking the same question last night.
I would think that Firefox Portable would not be vulnerable as there would need to be something written to the registry to cause the vulnerability.
"This issue is caused by a design error within the "FirefoxURL://" URI handler which is _registered_ by the application during the _installation_ process"
Since FFP is not registered or installed in the "normal" way could we not be vulnerable?
Am I wrong in my understanding of this, or am I missing something?
It would be good to know for sure.
Is there something we can do to secure ourselves?
Timothy Clark
(\__/)(='.'=)(}>
July 11, 2007 - 11:45am
#4
Hmm
I think you're right, Tim, since that URI is handled by the installer. Actually, yeah, you are right.
I think there may be one other issue being addressed in 2.0.0.5, though, so expect the FFP release same day as the FF release.
Visit the Community page
Join our forums
Follow us on BlueSky