All the latest UK technology news, reviews and analysis

Firefox attack uses Internet Explorer

by Iain Thomson

More from this author

13 Jul 2007

Be the first to comment

  • Tweet this
Firefox
Internet Explorer could be used to activate Firefox and run malicious code

An unusual browser attack has been found in which Microsoft's Internet Explorer can be used to activate Mozilla's Firefox and run malicious code.

The zero-day flaw uses a protocol handler that Firefox puts on the computer when it installs to handle 'firefoxurl://' commands.

Further reading

If Internet Explorer is used on a page that tries to use the 'firefoxurl://' the browser will activate Firefox automatically and allow malicious code to be run in JavaScript.

The flaw was found by security researcher Thor Larholm and published on his blog. No patch currently exists to deal with the problem. 

"While Mozilla is currently working on a fix, organisations need to take a proactive approach to mitigate risk to the network by alerting users to be careful when browsing the web and only visit trusted sites," said Paul Zimski, senior director of market strategy at Patchlink.

"Companies should be handling active scripting inside the Java browser to limit users visiting infected sites.

"While there are three critical patches that IT administrators have to deal with today, companies should prioritise and deploy the fix immediately for this exploit when it is released."

There is some confusion over which company should be providing a patch for this flaw. Secunia lists it as a Firefox flaw while SecurityFocus sees it as an Internet Explorer problem.

Do you agree?

Add your comment
 

Add your comment

We won't publish your address
By submitting a comment you agree to abide by our Terms & Conditions. Your comment will be moderated before publication.
Submit your comment

Latest stories from Software

Maxthon 3 page

Maxthon 3.3.4.3000

Related white papers

Related articles

Related jobs

Today's top stories

Google logo

Google’s Motorola acquisition cleared by European and US competition authorities

Asus Transformer Prime vs Apple iPad 2

Apple iPad 2 vs Asus Transformer Prime head-to-head review

Apple logo

Apple commissions independent inspection of Foxconn iPhone and iPad factories

Poll

IT priorities for 2012

What is the most important IT priority for your company this year?

99%

0%

1%

0%

0%

Features

V3 and The INQUIRER editor Madeline Bennett

BBC and Sky News show tough love with Twitter policies

V3's Rosalie Marshall

World indulges in a Facebook facts fest as firm prepares to float

facebook-new

Top five most interesting figures from Facebook’s IPO

Khidr headshot

Intel will prove Steve Jobs wrong in the mobile market

More features

Connect with V3.co.uk

Sign up to our daily or weekly newsletters

Case studies and reports

Accurev

Top 5 software development challenges

This paper focuses on a series of best practices and techniques for development teams looking to improve their software development processes

Talend

Rubbish in, rubbish enterprise

Why good data management at all levels is essential in the modern business (video, 6mins)

Technology jobs

Web Developer LAMP HTML CSS Bash Linux Cambridge.

Web Developer LAMP HTML CSS Bash Linux Cambridge...

Drupal / Web Developer - Chesterfield

Drupal / Web Developer ( PHP, Drupal, JavaScript, JQuery...

.NET / Web Developer

Web / .NET Developer ( ASP.NET, VB.NET, HTML, CSS, SQL...

Analyst / Developer (Case Management) - NW London - £35,000

Analyst / Developer (Case Management) - NW London - £35...

To send to more than one email address, simply separate each address with a comma.