Tuesday, July 31, 2007

Firefox URI Handling Bug

Independent security researcher Billy Rios has uncovered a bug in Firefox. Details are in his blog. The bug involves the way Firefox handles URIs and could lead to remote command execution.

What's interesting is that this affects users who also have IE7 -- with the latest security patches -- installed on their system.

The story was also reported on SearchSecurity and SC magazine, which also ran a follow up article the next day. Alerts were posted by Secunia and CERT.

On a side note, the Rios blog is really interesting and worth a visit in itself. Rios writes about web, browser and application security.


Post a Comment

<< Home