This vulnerability affects also Portable Firefox?
Mozilla Firefox "FirefoxURL" URI Handler Registration Code Execution Vulnerability
http://www.frsirt.com/english/advisories/2007/2473
You are here
"FirefoxURL" Vulnerability affects Portable Firefox?
July 11, 2007 - 9:34am
#1
"FirefoxURL" Vulnerability affects Portable Firefox?
July 11, 2007 - 10:33am
#2
Of course
Firefox Portable is Firefox, so it is vulnerable to the same bugs. An upcoming release fixes this.
July 11, 2007 - 11:37am
#3
Why
John,
I was asking the same question last night.
I would think that Firefox Portable would not be vulnerable as there would need to be something written to the registry to cause the vulnerability.
"This issue is caused by a design error within the "FirefoxURL://" URI handler which is _registered_ by the application during the _installation_ process"
Since FFP is not registered or installed in the "normal" way could we not be vulnerable?
Am I wrong in my understanding of this, or am I missing something?
It would be good to know for sure.
Is there something we can do to secure ourselves?
Timothy Clark
(\__/)(='.'=)(}>
July 11, 2007 - 11:45am
#4
Hmm
I think you're right, Tim, since that URI is handled by the installer. Actually, yeah, you are right.
I think there may be one other issue being addressed in 2.0.0.5, though, so expect the FFP release same day as the FF release.
Visit the Community page
Join our forums