You are here

"FirefoxURL" Vulnerability affects Portable Firefox?

4 posts / 0 new
Last post
rayray
Offline
Last seen: 13 years 5 months ago
Joined: 2007-07-11 09:18
"FirefoxURL" Vulnerability affects Portable Firefox?

This vulnerability affects also Portable Firefox?

Mozilla Firefox "FirefoxURL" URI Handler Registration Code Execution Vulnerability
http://www.frsirt.com/english/advisories/2007/2473

John T. Haller
John T. Haller's picture
Offline
Last seen: 2 hours 59 min ago
AdminDeveloperModeratorTranslator
Joined: 2005-11-28 22:21
Of course

Firefox Portable is Firefox, so it is vulnerable to the same bugs. An upcoming release fixes this.

Sometimes, the impossible can become possible, if you're awesome!

Tim Clark
Tim Clark's picture
Offline
Last seen: 13 years 7 months ago
Joined: 2006-06-18 13:55
Why

John,

I was asking the same question last night.

I would think that Firefox Portable would not be vulnerable as there would need to be something written to the registry to cause the vulnerability.

"This issue is caused by a design error within the "FirefoxURL://" URI handler which is _registered_ by the application during the _installation_ process"

Since FFP is not registered or installed in the "normal" way could we not be vulnerable?

Am I wrong in my understanding of this, or am I missing something?

It would be good to know for sure.
Is there something we can do to secure ourselves?

Timothy Clark
(\__/)(='.'=)(}>

Things have got to get better, they can't get worse, or can they?

John T. Haller
John T. Haller's picture
Offline
Last seen: 2 hours 59 min ago
AdminDeveloperModeratorTranslator
Joined: 2005-11-28 22:21
Hmm

I think you're right, Tim, since that URI is handled by the installer. Actually, yeah, you are right.

I think there may be one other issue being addressed in 2.0.0.5, though, so expect the FFP release same day as the FF release.

Sometimes, the impossible can become possible, if you're awesome!

Log in or register to post comments