Not for the Faint of Heart: Multiple Exploits Affecting Firefox, IE, Netscape, and Trillian

by Nitesh Dhanjani

"URI Use and Abuse", written by my good friends Billy Rios, Nathan McFeters, and Raghav Dube (affectionately known as "baby Dube"), exposes how web browsers and applications fail to sanitize URIs, leading to remotely exploitable conditions.

Billy started the ball rolling (after deriving inspiration from Thor's Safari URI handling disclosure) when he discovered a remotely exploitable vulnerability in the firefoxurl handler. An example of how this can be exploited in IE is available from Billy's disclosure: "Click on this from IE to spawn cmd.exe (remote execution)". Note: cmd.exe will spawn regardless of any IE or Firefox dialogs.

3 Comments

sjs
2007-07-15 22:40:59
On which platforms is Firefox vulnerable to these attacks? IE and Trillian are clearly only for Windows, but what about the others? Is Safari vulnerable on OS X?

Nitesh
2007-07-16 15:47:11
Windows only for now.

MMB
2007-07-16 15:49:37
If I'm reading the paper written by Billy, Nate and Raghav in the right manner, it looks like these are only Microsoft problems. I don't see the right coding for Linux.