This vulnerability affects also Portable Firefox?
Mozilla Firefox "FirefoxURL" URI Handler Registration Code Execution Vulnerability
http://www.frsirt.com/english/advisories/2007/2473
New: Kanri (Oct 9, '24), Platform 29.5.3 (Jun 27, '24)
1,100+ portable packages, 1.1 billion downloads
No Ads November!, Please donate today
Visit the Community page
Join our forums
Subscribe to our email newsletter
Subscribe with RSS
Follow us on Facebook
Follow us on LinkedIn
Follow us on Twitter
Follow us on Mastodon
Follow us on BlueSky
Firefox Portable is Firefox, so it is vulnerable to the same bugs. An upcoming release fixes this.
Sometimes, the impossible can become possible, if you're awesome!
John,
I was asking the same question last night.
I would think that Firefox Portable would not be vulnerable as there would need to be something written to the registry to cause the vulnerability.
"This issue is caused by a design error within the "FirefoxURL://" URI handler which is _registered_ by the application during the _installation_ process"
Since FFP is not registered or installed in the "normal" way could we not be vulnerable?
Am I wrong in my understanding of this, or am I missing something?
It would be good to know for sure.
Is there something we can do to secure ourselves?
Timothy Clark
(\__/)(='.'=)(}>
Things have got to get better, they can't get worse, or can they?
I think you're right, Tim, since that URI is handled by the installer. Actually, yeah, you are right.
I think there may be one other issue being addressed in 2.0.0.5, though, so expect the FFP release same day as the FF release.
Sometimes, the impossible can become possible, if you're awesome!