An unusual browser attack has been found in which Microsoft's Internet Explorer can be used to activate Mozilla's Firefox and run malicious code. The zero-day flaw uses a protocol handler that Firefox puts on the computer when it installs to handle 'firefoxurl://' commands. If Internet Explorer is used on a page that tries to use the 'firefoxurl://' the browser will activate Firefox automatically and allow malicious code to be run in JavaScript.
The flaw was found by security researcher Thor Larholm and published on his blog. No patch currently exists to deal with the problem. "While Mozilla is currently working on a fix, organisations need to take a proactive approach to mitigate risk to the network by alerting users to be careful when browsing the web and only visit trusted sites," said Paul Zimski, senior director of market strategy at Patchlink. "Companies should be handling active scripting inside the Java browser to limit users visiting infected sites.
View:
The full story
News source:
vnunet Read full story...
More...
Hybrid Mode
