Softpedia
 
HomepageWindowsGamesDriversMacLinuxScripts buttonMobileHandheldNews

NEWS CATEGORIES:



NEWS ARCHIVE >>
SOFTPEDIA REVIEWS >>
MEET THE EDITORS >>
Home > News > Security > Advisories

August 16th, 2007, 20:06 GMT · By Bogdan Popa

Windows Users at Risk

SHARE:

Adjust text size:



Enlarge picture
Some browsers can be corrupted to give out information from the computer, or worse: if properly exploited by a hacker, they can let him use malicious software upon the target's machine.

Specialists in security have stated that exploits will affect users that have Firefox
installed on their PC, and that hacks can emerge by using the relations between browsers. One great flaw to affect security has been discovered between Internet Explorer and Mozilla's browser. But that is not all. IE, which sometimes fails to filter data correctly, can cause problems in combination with Netscape Navigator and Trillian as well.

Security expert Billy Rios says this is "just the tip of the iceberg" since there are many more URI (Uniform Resource Identifier) related issues than the ones that Internet Explorer has, many more browsers having problems with "sanitizing parameters passed to URI handlers". So, basically, the computer does not double check if the command given to it does not come from an outside user that would harm the PC.

As NETWORKWORLD informs us, many security researchers that have taken a look at this problem state that a bug based on the relationship between Firefox and Internet Explorer could cause the computer to be at the attacker's mercy. As Thor Larholm explained, Firefox has its own protocol handler, called FirefoxURL, when Internet Explorer finds something that refers to data inside the FirefoxURL it ends up passing the whole request URI, with zero input validation. He also explained that you may specify any arguments to the Firefox .exe file, for your request, and exploiting this feature, one could add Javascript code and then execute it, with the prerogatives of a trusted content. Seems hard for a normal user to think or comprehend this method; it can't be too difficult for hackers though.

Bugs in the Uniform Resource Identifier, otherwise known as URI, are pretty nasty, since this a protocol used by Windows to launch programs. Having corrupted it, one hacker may easily use it in order to steal information from one's computer.

TELL US WHAT YOU THINK:

1,090 hits · 1 comment · Link to this article · Print article · Send to friend · Subscribe to news

MUST-READ RELATED ARTICLES:


Windows Vista Ultimate Activation Crack Available for Download
Crack Available for Vista Validation Update
Windows Vista Activation Crack
DirectX 10...and so it ends!

READER COMMENTS:


Comment #1 by: CANARIS on 16 Aug 2007, 21:52 UTC reply to this comment

Windows users at risk?! This can't be! What does mr. Oiaga have to say about this?

Copyright © 2001-2012 Softpedia. Contact/Tip us at

WindowsGamesDriversMacLinuxScriptsMobileHandheldNews

SUBMIT PROGRAM   |   ADVERTISE   |   GET HELP   |   SEND US FEEDBACK   |   RSS FEEDS   |   UPDATE YOUR SOFTWARE   |   ROMANIAN FORUM
© 2001 - 2012 Softpedia. All rights reserved.
Softpedia® and the Softpedia® logo are
registered trademarks of SoftNews NET SRL.		 Copyright Information | Privacy Policy | Terms of Use