This vulnerability affects also Portable Firefox?
Mozilla Firefox "FirefoxURL" URI Handler Registration Code Execution Vulnerability
http://www.frsirt.com/english/advisories/2007/2473
New: Audacious (June 1, 2023), Platform 25.0 (Apr 07, 2023)
New Apr 14: macOS Portable Drive Support
450+ real apps (49GB), 1.1 billion downloads, Please donate.
This vulnerability affects also Portable Firefox?
Mozilla Firefox "FirefoxURL" URI Handler Registration Code Execution Vulnerability
http://www.frsirt.com/english/advisories/2007/2473
Firefox Portable is Firefox, so it is vulnerable to the same bugs. An upcoming release fixes this.
John,
I was asking the same question last night.
I would think that Firefox Portable would not be vulnerable as there would need to be something written to the registry to cause the vulnerability.
"This issue is caused by a design error within the "FirefoxURL://" URI handler which is _registered_ by the application during the _installation_ process"
Since FFP is not registered or installed in the "normal" way could we not be vulnerable?
Am I wrong in my understanding of this, or am I missing something?
It would be good to know for sure.
Is there something we can do to secure ourselves?
Timothy Clark
(\__/)(='.'=)(}>
I think you're right, Tim, since that URI is handled by the installer. Actually, yeah, you are right.
I think there may be one other issue being addressed in 2.0.0.5, though, so expect the FFP release same day as the FF release.