Billy Rios has let me know about another vulnerability he has found along with Nate McFeters. Here are the URLs, which when clicked from Firefox running on Windows should spawn cmd.exe and calc.exe in order to demonstrate remote execution flaws in Firefox:
mailto handler
nntp handler
news handler
snews handler
telnet handler
So, to recap, here are the list of events:
- Rios and McFeters release a proof of concept demonstration exploiting a URI handling vulnerability in the
firefoxurlhandler - Ms. Snyder(of Microsoft fame, now head of security at Mozilla) recommends people stick to Firefox to stay safe:
It is important to note that if you are using Firefox to browse the web you *are not* vulnerable to this attack. While we have seen no evidence of attackers exploiting this issue, there is proof of concept code available publicly. So we recommend that people use Firefox and as always take care when browsing unknown websites - Ms. Snyder admits that Firefox itself does not sanitize paramters passed to URI handlers
- Rios and McFeters, in their quest to prove Ms. Snyder right (see 3), release the above set of exploits demonstrating remote execution vulnerabilities in Firefox caused due to Firefox’s inability to sanitize URI parameters
This vulnerability will be fixed in Firefox 2.0.0.6 due to be pushed out soon (hopefully).
Strangely enough, those urls don't work on my Firefox 2.0.0.5
yeah, those do not work with mine too
Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.4) Gecko/20070515 Firefox/2.0.0.4
:)
mechanix: The vulnerability affects Windows only
No, they don't work. FF 2.0.0.5, Windows XP Pro.
PS. I guess the reason they don't work is that I use OE for email and news. Haha.