Techy: Firefox Exploit (sortof)

July 11th, 2007 by Richy B.

It appears there is a new Mozilla Firefox-based exploit around which (as these demos show) can be used to run practically anything on your computer.

However, the reason I’ve added “sortof” is that Firefox doesn’t actually trigger the exploit itself – another browser (such as Internet Explorer) has to go to a URL starting with firefoxurl://, which is then passed to the command-line version of Firefox, which then starts the exploit. Therefore, even if you just have Firefox installed (but not in use), you are at risk.

So how can you fix this? Secunia advises you to “Do not browse untrusted sites” (yep, like that is easy – especially with third party advertisements on “trusted sites”), and also to disable the “Firefox URL” URI handler. But how do you do this?

It’s reasonably simple:

Open Windows Explorer (not Internet Explorer) and from the Tools menu select “Folder Options”. On the dialog that appears, select the “File Types” tab.

Now in the list of registered file types find the one that says:

“(NONE)” for extension and “Firefox URL” for file type

Select it and click the Delete button to delete it.
Click “OK” to close the “Folder Options” dialog.

If the delete button is greyed out, click it anyway, click [Advanced], [Remove], Sure? [yes].
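
The same check and removal can be scripted. The PowerShell below is an added example, not part of the original post: it reports which command is registered for firefoxurl:// and removes the registration only when asked, after saving a backup. It assumes the handler sits under HKEY_CLASSES_ROOT\firefoxurl, following the standard Windows convention for URI schemes; the parameter names and backup location are hypothetical.

```powershell
# Added example, not from the original post. Audits (and optionally removes)
# the Windows registration for a URI scheme such as the post's firefoxurl://.
# Assumption: scheme handlers live under HKEY_CLASSES_ROOT\<scheme> and carry
# a "URL Protocol" value, which is the standard Windows convention.
param(
    [string]$Scheme = 'firefoxurl',   # scheme name taken from the post
    [switch]$Remove,                  # without this the script only reports
    [string]$BackupDir = $env:TEMP    # hypothetical backup location
)

$keyPath = "Registry::HKEY_CLASSES_ROOT\$Scheme"

if (-not (Test-Path -LiteralPath $keyPath)) {
    Write-Output "No registration found for ${Scheme}://"
    return
}

$key = Get-Item -LiteralPath $keyPath
# A class key is only a URI scheme handler if it has a "URL Protocol" value.
if ($key.GetValueNames() -notcontains 'URL Protocol') {
    Write-Output "$Scheme exists but is not registered as a URL protocol"
    return
}

# The default value of shell\open\command is what other programs launch.
$cmdPath = "$keyPath\shell\open\command"
$command = $null
if (Test-Path -LiteralPath $cmdPath) {
    $command = (Get-Item -LiteralPath $cmdPath).GetValue('')
}
Write-Output "${Scheme}:// is handled by: $command"

if ($Remove) {
    # Keep a .reg export so the handler can be restored later.
    $backup = Join-Path $BackupDir "$Scheme-handler-backup.reg"
    & reg.exe export "HKCR\$Scheme" $backup /y | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "Backup failed, nothing was removed" }
    Remove-Item -LiteralPath $keyPath -Recurse -Force
    Write-Output "Removed handler for ${Scheme}://, backup saved to $backup"
}
```

Run it without arguments to see what is registered. Removing a machine-wide registration with `-Remove` needs an elevated prompt.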

This post is over 6 months old.

This means that, despite my best intentions, it may no longer be accurate.

This blog holds over 12 years of archived content - during that time, I may have changed my opinion of something, technology will have advanced (and old "best standards" may no longer be the case), my technology "know how" has improved etc etc - it would probably take me a considerable amount of time to update all the archival entries: and defeat the point of keeping them anyway.

Please take these posts for what they are: a brief look into my past, my history, my journey and "caveat emptor".
