Press "Enter" to skip to content

Techy: Firefox Exploit (sortof)

It appears there is a new Mozilla Firefox based exploit around which (as these demos shown) can be utilised to practically run anything on your computer.

However, the reason I’ve added “sortof” is that Firefox doesn’t actually trigger the exploit itself – another browser (such as Internet Explorer) has to go to a URL starting firefoxurl:// which is then passed to the command line version of Firefox which then starts the exploit. Therefore, even if you just have Firefox installed (but not in use), you are at risk.

So how can you fix this? Secunia advises you to “Do not browse untrusted sites” (yep, like that is easy – especially with third party advertisements on “trusted sites”), and also to disable the “Firefox URL” URI handler. But how do you do this?

It’s reasonably simple:

Open Windows Exporer (not Internet Explorer) and from the Tools menu select “Folder Options” menu. On the dialog that appears select the “File Types” tab.

Now in the list of registered file types find the one that says:

“(NONE)” for extension and “Firefox URL” for file type

Select it and click on delete button to delete it.
Click on “OK” to close the “Folder Options” dialog.

If the delete button is greyed out, click it anyway, click [Advanced], [Remove], Sure? [yes].

Be First to Comment

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.