07.25.07 - 02:15pm
Issue
We are currently investigating an issue on Windows XP, where some urls for “web” protocols that contain %00 launch the wrong handler and appear to be able to launch local programs, with limited argument passing.
Impact
The impact to users is unknown at this point in time. We are working to verify this and in the [...]
07.23.07 - 04:46pm
On July 10th, I posted about a security issue in URL protocol handling on Windows. In the previous example, Internet Explorer was the entry point and Firefox was the application receiving the bad data.
Over the weekend, we learned about a new scenario that identifies ways that Firefox could also be used as the entry [...]
07.18.07 - 11:49am
Firefox 2.0.0.5 is now available and there is a fix for the URL protocol handling issue described here. We warned that other Windows applications may be vulnerable to this Internet Explorer issue, and on Sunday Nate Mcfeters, Billy Rios, and Raghav Dube posted a proof of concept that demonstrates the same attack through Internet [...]
07.10.07 - 02:04pm
Today security firm Secunia released an advisory on a security issue found (apparently) simultaneously and independently by Greg MacManus and Billy Rios based on a previously reported issue in Safari found by Thor Larholm.
Any Windows application that calls a registered URL protocol without escaping quotes may be used to pass unexpected and potentially dangerous data [...]
06.05.07 - 11:14am
The bugs Michael Zalewski posted to full-disclosure yesterday are getting some attention in the press. The information below is intended to provide some clarity on the severity of these issues and how they impact users.
Bug 382686 allows the attacker to spoof content and potentially javascript. The spoofed content would be in the attacker’s [...]