By: Nate McFeters (nate dot mcfeters -at- gmail)
Billy (BK) Rios (billy dot rios -at- gmail)
Tested in FireFox 220.127.116.11 (and 3.0a6), Netscape Navigator 9, and Mozilla browser.
These examples are launched through the Firefox browser, but require the user to have Internet Explorer 7 installed on their machine. Although these specific examples require the user to click a link, it is possible to execute the exploit with no user interaction. Cross Site Scripting and Cross Site Request Forgery attacks for this vulnerability apply as well.
Once again, a flaw in the URI handling behavior allows for remote command execution. UNREGISTER ALL UNNECESSARY URIs NOW! This example shows flaws in Firefox, Netscape, and Mozilla browsers… other browsers are affected by related vulnerabilities.
Developers who intend to (or have already) registered URIs for their applications MUST UNDERSTAND that registering a URI handler exponentially increases the attack surface for that application. Please review your registered URI handling mechanisms and audit the functionality called by those URIs…
These can be launched with no user warning (simply click on the link):
The following require user interaction: