Firefox "wyciwyg://" Handler Vulnerability

WindowsBBS WindowsBBS Store HelpWithWindows

		Windows BBS > Internet & Networking > Firefox, Thunderbird & SeaMonkey
Firefox "wyciwyg://" Handler Vulnerability

FAQ

Donate

Mark Forums Read

Firefox, Thunderbird & SeaMonkey Post your questions about Mozilla based products (Firefox, Thunderbird & SeaMonkey) here.

Mission Statement

WindowsBBS is an online community dedicated to easily accessible technical support for those using Microsoft operating systems and other Windows software.

Our goal is to become the leading resource for computer users that require assistance with their day-to-day computer usage, including full support for networking PC's, virus & malware removal, system upgrades and general support questions.

Discussion Forums
Operating Systems Windows 7 Windows Vista Windows XP Windows Server System Windows 2000 Windows 95/98/Me/NT
Internet & Networking Networking Internet Explorer Microsoft Mail Firefox, Thunderbird & SeaMonkey General Internet
Security General Security Malware and Virus Removal
Other Other Software Hardware Test Posts
Community Introductions General Discussions Comments & Suggestions News @ WindowsBBS

Forum Sponsor

LinkBack

Thread Tools

10th July 2007	#1
Ramona WindowsBBS Team Member Profile: Join Date: Dec 2001 Location: Missouri Posts: 7,501 Computer Experience: Experienced Learner My System	Firefox "wyciwyg://" Handler Vulnerability Firefox "wyciwyg://" Handler Vulnerability Secunia Advisory: SA25990 Release Date: 2007-07-10 Critical: Less critical Impact: Spoofing Exposure of sensitive information Where: From remote Solution Status: Unpatched Software: Mozilla Firefox 2.0.x Description: Michal Zalewski has discovered a vulnerability in Mozilla Firefox, which can be exploited by malicious people to disclose sensitive information and conduct spoofing attacks. The vulnerability is caused due to an error in the handling of the "wyciwyg://" URI handler. This can be exploited to access or spoof contents from a previously cached web site e.g. via HTTP 302 redirects when a user visits a malicious web page. The vulnerability is confirmed in version 2.0.0.4. Other versions may also be affected. Solution: Do not browse untrusted web sites. Provided and/or discovered by: Michal Zalewski Original Advisory: http://lcamtuf.coredump.cx/ffcache/

I don't like advertising!

Didn't find the information you thought to find?
Check out these Similar Threads

« Personal Toolbar | Firefox "firefoxurl" URI Handler Registration Vulnerability »

Thread Tools
Show Printable Version Email this Page

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
Firefox "firefoxurl" URI Handler Registration Vulnerability	Ramona	Firefox, Thunderbird & SeaMonkey	1	11th July 2007 00:11
Firefox Sage Extension RSS Feed Script Insertion Vulnerability	Ramona	Firefox, Thunderbird & SeaMonkey	0	11th September 2006 20:55
Firefox File Upload Form Keystroke Event Cancel Vulnerability	Ramona	Firefox, Thunderbird & SeaMonkey	0	6th June 2006 22:27
Firefox Property Manipulation Cross-Site Scripting Vulnerability	Ramona	Firefox, Thunderbird & SeaMonkey	0	13th July 2005 21:38
Revisited - Mozilla / Mozilla Firefox Frame Injection Vulnerability	Ramona	Firefox, Thunderbird & SeaMonkey	0	6th June 2005 22:31

All times are GMT +1. The time now is 18:41.

[]

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32