A serious zero-day flaw in Firefox on Windows XP could allow local programs to be executed after certain URLs launch the wrong handler in the system.
|Firefox Fixes FileType Flaw|
URLs containing the string %00 could have acted as vectors to start a local program. The problem stems from the way Firefox registers its URI handlers with the operating system, according to a pair of security researchers.
“Developers who intend to (or have already) registered URIs for their applications MUST UNDERSTAND that registering a URI handler exponentially increases the attack surface for that application,” Billy (BK) Rios and Nate McFeters said on their blog.
Remote command execution problems like these dwell in the current version of Firefox, 18.104.22.168, and with other browsers. The very limited %00 argument needed to spur local program execution raised concerns at Mozilla, though the actual impact of such execution hadn’t been determined.
A later update at the bug’s page currently lists its status as ‘Resolved Fixed’. The fix will probably emerge soon in a patch, so don’t be surprised if Firefox displays an advisory that an update to 22.214.171.124 has become available.
McAfee Deploys Free Rootkit Detective: A rootkit’s existence on an operating system completely compromises its security. Finding such code can be difficult even for security pros who have to step carefully through the OS to track down a rootkit.
Sony BMG’s placement of rootkit code on music CDs brought the topic to the forefront for the public. McAfee has announced the freely available Rootkit Detective to help people find out of such malicious code is on their systems.
“Rootkit Detective uncovers hidden processes, registry entries and files and lets users safely remove or disable them upon system reboot. In addition, Rootkit Detective can scan the integrity of a PCs kernel memory and display any modification, which may also point to a system compromise,” McAfee said in its product announcement.