Firefox Quickies

First, Gypsy2012 writes with a highly critical security flaw involving both Firefox 2.0 and Internet Explorer, which could allow a malicious attacker to gain remote control of a user's system. It exploits the "firefoxurl://" URI handler. ... Next, reader dsinc sends word that the beta for Firefox 3 has slipped by 6 weeks. The new target date is September 18 at the earliest. The article wonders whether the final release will slip into 2008. ... Finally, reader jktowns points out new anti-phishing features in the latest nightly build of Firefox 3. One of them was added into the code base by the guy who developed the LocationBar² extension.

Re:Demonstration

[fatphil]

"There is no standardized way to parse command lines, and no standardized way to escape them."

If that's the case, then windows is broken beyond repair.

Firefox does not chose how to parse the command line, that happens before main() is ever called. Firefox _does_ get argc and argv. So yet again, it's not Firefox's fault. It's just doing what it's told. Whatever it is between the exec()/spawn() (lauchyadayada()) and the child's main() must have _some_ specified behaviour. If MS do not specify that bahaviour then this is even more of an OS issue than I previously thought.

Or are you saying that firefox implements its own _setargv, to get around the above issue?