Firefox and IE Still Not Getting Along
juct writes "Heise describes a new demo showing how Firefox running under Windows XP SP2 can be abused to start applications. For this to work, however, Internet Explorer 7 needs to be installed. This severe security problem promises another round in the 'who-is-to-blame-war' between Mozilla and Microsoft. Mozilla currently is leading the race for a patch, as they have one ready in their bugzilla database. 'The authors of the demo note that there are many further examples of such vulnerabilities via registered URIs. What is so far visible is just "the tip of the iceberg". They state that registered URIs are tantamount to a remote gateway into your computer. To be on the safe side, users should, in the authors' opinion, deregister all unnecessary URIs - without, however, elucidating which are superfluous.'"
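The summary's advice to deregister unnecessary URIs presupposes knowing which ones are registered. As an added example (not from the Heise article or the demo's authors), this PowerShell snippet lists every URI scheme registered with the Windows shell and the command each one launches. It assumes the standard Windows layout, where a scheme is a key under HKEY_CLASSES_ROOT carrying a `URL Protocol` value; the output column names are chosen here for illustration.

```powershell
# Audit registered URI schemes: each is a key under HKEY_CLASSES_ROOT that has
# a "URL Protocol" value; its launcher is the default value of shell\open\command.
$handlers = foreach ($key in Get-ChildItem -Path 'Registry::HKEY_CLASSES_ROOT' -ErrorAction SilentlyContinue) {
    # Skip file types, COM classes and everything else that is not a URI scheme.
    if ($key.GetValueNames() -notcontains 'URL Protocol') { continue }

    $command = ''
    $cmdKey  = $key.OpenSubKey('shell\open\command')
    if ($cmdKey) {
        $command = [string]$cmdKey.GetValue('')   # '' reads the key's default value
        $cmdKey.Close()
    }

    [pscustomobject]@{
        Scheme      = $key.PSChildName
        # True when the command line embeds the caller-supplied URL (%1 or %L),
        # i.e. content from a web page reaches another program's arguments.
        ReceivesUrl = $command -match '%[1l]'
        Command     = $command
    }
}

# Handlers that take the URL as an argument come first; review those before the rest.
$handlers |
    Sort-Object -Property @{ Expression = 'ReceivesUrl'; Descending = $true }, Scheme |
    Format-Table -AutoSize -Wrap
```

Schemes whose command points at software that is no longer used, or was never meant to be reachable from a browser, are the candidates for deregistration.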
If using Firefox, is there really a need to have IE7 installed anyway?
Clearly, the fault lies in Microsoft's IE7. Why? The problem comes from IE7, not Firefox. I don't know, but the last time I checked, Internet Explorer was integrated into the Windows Shell, laying room for much potential harm.
My point being? If you have the plugin installed that allows Firefox to utilize ActiveX by running an instance of Internet Explorer in it, and someone has an ActiveX exploit on their page, which browser is liable to fix the vulnerability? Internet Explorer, obviously. Will they do it in a timely manner? Most likely not.