New URI Browser Flaws Worse Than First Thought

Posted by samzenpus on Wednesday August 15, 2007 @09:00PM from the bad-to-worse dept.

narramissic writes "URI (Uniform Resource Identifier) bugs have become a hot topic over the past month, since researcher Thor Larholm showed how a browser could be tricked into sending malformed data to Firefox. Now, security researchers Billy Rios and Nathan McFeters say they've discovered a number of ways attackers could misuse the URI protocol handler technology to steal data from a victim's computer. 'It is possible through the URI to actually steal content form the user's machine and upload that content to a remote server of the attacker's choice,' said McFetters, a senior security advisor for Ernst & Young Global Ltd. 'This is all through functionality that the application provides.'"

2 of 149 comments (clear)

Min score:

Reason:

Sort:

What is the OS coverage? by pembo13 · 2007-08-15 21:34 · Score: 0, Redundant

If this only works on Windows, then I feel fairly secure; I rarely keep important files on my Windows machine. If this works in Linux, then I'll have to leave Firefox off for awhile.

--
"Thanks for all the money you paid to us. We've used it to buy off ISO among other things" -Microsoft
Re:Responsible application launching by Goaway · 2007-08-16 00:20 · Score: 0, Redundant

Yes, because asking "Would you like to open Firefox to use this link?" is such a clear indication that your system is about to be hacked.