Results 1 to 3 of 3

Thread: Zero-Day Hits IE-Firefox Combo

  1. #1
    Head Honcho Administrator Reverend's Avatar
    Join Date
    Apr 2002

    Zero-Day Hits IE-Firefox Combo

    Security researcher Thor Larholm has discovered a zero-day vulnerability that could lead to remote attackers hijacking systems running both Internet Explorer and Firefox.

    Larholm is calling this an IE zero day, blaming the vulnerability on an input validation flaw in Internet Explorer that allows users to specify arbitrary arguments to the process responsible for handling URL protocols. It's t...


  2. #2
    Precision Processor Super Moderator egghead's Avatar
    Join Date
    May 2002
    In Your Monitor
    The flaw arises when IE fails to validate the handler and passes any parameters in the request directly to the firefox.exe process as arguments or options.

  3. #3
    Senior Member blackhat's Avatar
    Join Date
    Oct 2005
    Since my current setup has run w/o problem for over 4 yrs, I haven't learned much about computer architecture since the days when Dos and Windows were separable and I had the "Hood up" regularly.
    Can these types of vulnerabilities be exploited when:
    1) Browser open, logged on w/administrator privileges.
    2) Browser open, logged on w/o admin. privileges.
    3) Browser closed, logged on as administrator.
    4) Browser closed, logged on w/o administrator privileges.
    I guess my question is, How can someone get remote access to operate on my Browser? DRB

    "Will Golf for Food"

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts