Mozilla/Firefox Bug Allows Arbitrary Program Execution

treefort writes "An article at eWeek has the lowdown. The article also has a link to the bug report which addressed this issue some time ago. Still, I feel safer using Firefox since malicious persons are much more unlikely to target any vulnerabilites. Note that this only affects users of Mozilla and Firefox on Windows XP or Windows 2000." New releases are already available on mozilla.org that fix this. Update: 07/09 00:41 GMT by CN : I removed the bum link to Bugzilla, since I guess they don't like us. Also I discovered that OSDN's own NewsForge has more on the situation.

Blast!

[darth_MALL]

"Note that this only affects users of Mozilla and Firefox on Windows XP or Windows 2000"...there goes a perfectly good Ha-Ha!. You've bested me this time *NIX...But you haven't seen the last of ME! BWAHAHA!

And this line says all I need to know

[GMFTatsujin]

"Researchers are reporting another security issue in Web browsing under Windows"

Sounds like a Windows problem, not a Mozilla problem. Oh, wait a minute...

Current versions of Mozilla and Firefox pass unknown protocol handlers to the operating system shell to handle.

Ding! Next. However:

The attacker would have to know the location in the file system of the program

So just in case, I'm renaming my /bin, /sbin, and /usr directories to /zurg, /mumph, and /splunge. Bring it, you haxx0rs!

Huh?

[nettdata]

malicious persons are much more unlikely to target any vulnerabilites

I disagree... if anything, malicious people are MUCH more likely to target vulnerabilities.

Re:Blast!

[AuMatar]

Sure we have. I haven't seen an ME installation in years.

This proves once and for all

[dicepackage]

How dangerous Mozilla can be. Everyone should be listening to Microsoft and use a secure browser such as Internet Explorer that isn't littered with security vulnerabilities.

hows is this different than file:///

[adamshelley]

in ie if i type

file:///c:/windows/system32/mspaint.exe

I can load the program, in firefox it prompts me to download it and disables the open option.

does this mean IE has always been vulerable to this type of bug?

Re:Next!

[Carnildo]

Well, for all those who are browser-shopping, FireFox gets marked off the list of contenders. Who's next?

NCSA Mosaic?

Re:A clear advantage

[Anonymous Coward]

No, the web page was tampered with and you are now broadcasting spam.

Re:Thanks!

[Anonymous Coward]

Modded up for saying thanks?

Thanks for saying thanks! Thanks!

--
+4 'interesting'

Re:A clear advantage

[EvanED]

Oh, good. That makes me feel a lot better knowing that they were sitting around deciding not to fix it.

Intentional

[kyjello]

This is added intentionally so that Mozilla contains all of the features of Internet Explorer.

Oh yes, that's right! I went there.

Re:So who's going to tell all the recent converts?

[imogthe]

Well... We could always petition Microsoft to include Firefox/Mozilla in their Windows Update(TM) scheme :)

After that we'll move on to include the Gimp and OpenOffice. Before you can say "global domination" we'll have a perfectly good Microsoft Linux distro and whammo... 99% of the desktop belongs to the penguin.

But then again... maybe not.

Re:A clear advantage

[nacturation]

Very true- no software ever written has been 100% bug free.

Oh yeah???

• #include<stdio.h>

  int main()
  {

  • printf("Hello World\n")
    return 0;
  }

Re:A clear advantage

[mobets]

lol, you forgot the semicolon after the pritf line...

#include
int main()
{
printf("Hello World\n");
return 0;
}

Re:A clear advantage

[Anonymous Coward]

lol, you forgot the #include filename :)

Heretic, YOU MUST BURN!

[Saeed al-Sahaf]

Heretic, YOU MUST BURN!

Re:A clear advantage

[Anonymous Coward]

Well well, one bug fixed, another created.

Re:And this line says all I need to know

[Telex4]

The attacker would have to know the location in the file system of the program

So just in case, I'm renaming my /bin, /sbin, and /usr directories to /zurg, /mumph, and /splunge. Bring it, you haxx0rs!

Well now you've blown it!

Hint: Security through obscurity requires obscurity.

Re:A clear advantage

[CyanDisaster]

...no software ever written has been 100% bug free...

Uh...those aren't bugs. The program was supposed to do that. They're features. Yeah...that's it...features.

Hope be with ye,
Cyan

Fix:

[mlk]

Download the fix here! [microsoft.com]

Re:A clear advantage

[Aldurn]

You forgot to HTML-escape the #include line, and you misspelled "printf" :)

#include <stdio.h>
int main(int argc, char **argv)
{
printf("Hello World\n");
return 0;
}

Re:A clear advantage

[mingot]

Would you use printf to diplay the error message if it did?

Re:A clear advantage

[dspeyer]

As they say...

Every program has at least one bug and can be shortened by at least one instruction -- from which, by induction, one can deduce that every program can be reduced to one instruction which doesn't work.

Incidentally, does the lack of proper interationalization in the original code count as a bug?

Im on pins and needles

[koan]

Waiting for the homeland propanganda......errr homeland security to advise us not to use it.

Re:Blast!

[mbourgon]

I feel safe, though... my 98 box is still immune.

Re:A clear advantage

[tunah]

Bah, if they were really onto it, they would have embedded the exploit in the slashdot page and use it to patch your browser without clicking ANYTHING!

Re:A clear advantage

[ak3ldama]

what i don't get is how people on slashdot can argue about a hello world example ... or why i'm even posting this

Re:A clear advantage

[evilviper]

#include<stdio.h>

Ah HAH!

vi stdio.h
exec("rm", -rf /)

Muwahahahaha

Re:Bad way

[beeblebrox87]

Firefox is designed for Linux AND Windows. It has been the goal of the project to provide equivalent levels of support for both systems since it was called Phoenix.

IMHO, they should worry more about security with the Linux version than the Windows one, as anybody using Windows has pretty clearly shown that they don't care much about security anyway.