New extremely dangerous leak in FF!

Hi malware fighters,

The problems with Firefox continue, and again around the same issue, the way the browser handles links, by way of which remote attackers can take over the system:
The bug is within mailto, nntp, news and snews protocol handlers.

http://www.gnucitizen.org/blog/attack-of-the-url-vulnerabilities
Here you can find various demos: http://xs-sniper.com/blog/remote-command-exec-firefox-2005/

Update to the latest version of NoScript 1.1.6.06 to be secure.

It seems the days that Firefox was “the new kid on the block in the light of insecurities” are now over.

polonus

The sooner they build NoScript into the main Firefox functionality the better, and to cater for those that love it and those that loathe it, the ability to enable or disable it according to their needs.

The ones that rail against the fact that they have to continually allow sites permission are the people that are more likely to be able to take care of themselves.

But for the masses this could be a life saver and in the course of normal browsing doesn’t get in the way that much. Once you have allowed your regularly visited trusted sites it is even less obtrusive.

Update to the latest version of NoScript 1.1.6.06 to be secure.
There's been an update V. 1.1.6.07. Get it here: http://noscript.net/getit :)

How do I get Firefox to open a link in a new tab when using NoScript ???

It worked fine till I added NoScript ???

Right click on link… select open in new tab, and just clicking on a link loads a link in the background, is working fine here Bob, latest NS and FF. Have you had a look at about:config settings?

Thanks Peter
I have the browser set to open links in a new tab.
Now it takes 2 steps. Right click and select open in a new tab.
If I just left click on a link (which is what I always did) I get a black screen and it then opens in the same window.

NoScript NOW has version 1.1.6.08 available HERE.

It should still work in the same way with NoScript, but you may have to allow about:blank in NoScript, as the new tab is a blank page first before it loads the new page. So when you have a blank page displayed, check NoScript and you will see scripts are blocked; I think JavaScript is used to open links in a new tab.

I also use the center button/wheel of the mouse on a link and that opens it in a new tab.

thanks-have the newest version :wink:
Thank you for upgrading NoScript!
V. 1.1.6.08 “XSS Was Yesterday”

Congratulations, you’ve got the latest version. ;D

Hi malware fighters,

But this sure is not the end of it. You will be surprised to find how many URL handlers you have registered that could mean a potential sitting duck for this kind of remote exploit. To see what holes there will be in store for you, and to be able to find further leaks, here is a “Dump URL Handlers” (DUH!) script to find what is vulnerable on your system in relation to FF. According to me it is the tip of the iceberg, but we have been protected since July 22nd by NoScript. If someone here does not install NoScript inside Firefox or Flock right away, he or she does not care about browser security, and if compromised has only him- or herself to blame.
Oh the link to the DUH! script: http://erik.cabetas.com/stuff/lameware/DUH.vbs

So what can we expect next? I did a minor exploration; in the pipeline are exploits for
vulnerable URL handlers:
C:\Program Files\Adobe\Acrobat7.c\Reader\Acro Rd32.exe/ “%|”
CalToProtocol rundl32.exe msconf.dll, CallToProtocolHandler %|
FIREFOX.EXE - request pending -osint - url “%|”
URL:File Transfer Protocol “C:\Program Files\Internet Explorer\IEXLORE.EXE”%|
gopher URL: gopher protocol “C:\Program Files\Internet Explorer\iexplore.exe” nohome
HelpCenter Pluggable Protocol "C:\WINDOWS\PCHealth\HelpClr\Binairies\HelpCtrl.exe"From HCP -url "%| …
etc, etc. etc.

polonus
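
An audit in the spirit of the DUH! script mentioned in the post above, as an added example (not part of the original posts and not the code of DUH.vbs): it lists the URL schemes registered under HKEY_CLASSES_ROOT and shows how each handler's command line receives the URL. The function names and the sample handler entries are constructed for illustration; off Windows the script falls back to the samples.

```python
import re

# Placeholders that Windows replaces with the URL in a handler command line.
PLACEHOLDER = re.compile(r"%[1lL]")

# Constructed sample entries (hypothetical schemes and paths), used off Windows.
SAMPLES = [
    ("exampleapp", r'"C:\Program Files\Example\app.exe" -url "%1"'),
    ("examplebare", r"C:\Example\tool.exe %1"),
    ("examplenone", r'"C:\Example\viewer.exe" -nohome'),
]

def review_handler(scheme, command):
    """Describe how one handler command line receives the URL."""
    command = command or ""
    m = PLACEHOLDER.search(command)
    # Inside a quoted argument if an odd number of quotes precede the placeholder.
    quoted = bool(m) and command[:m.start()].count('"') % 2 == 1
    return {"scheme": scheme, "takes_url": bool(m), "quoted": quoted, "command": command}

def registered_url_handlers():
    """Yield (scheme, command) for each HKCR key with a 'URL Protocol' value."""
    import winreg  # Windows only; ImportError elsewhere
    root, i = winreg.HKEY_CLASSES_ROOT, 0
    while True:
        try:
            name = winreg.EnumKey(root, i)
        except OSError:
            break  # no more subkeys
        i += 1
        try:
            with winreg.OpenKey(root, name) as key:
                winreg.QueryValueEx(key, "URL Protocol")  # raises if absent
            with winreg.OpenKey(root, name + r"\shell\open\command") as cmd:
                yield name, winreg.QueryValueEx(cmd, "")[0]
        except OSError:
            continue  # not a URL handler, or no open command

def report(handlers):
    """Order for review: unquoted URL argument, quoted, then no URL argument."""
    rows = [review_handler(s, c) for s, c in handlers]
    return sorted(rows, key=lambda r: (not r["takes_url"], r["quoted"], r["scheme"]))

if __name__ == "__main__":
    try:
        found = list(registered_url_handlers())
    except ImportError:
        found = SAMPLES
    for r in report(found):
        kind = "no URL arg" if not r["takes_url"] else ("quoted" if r["quoted"] else "UNQUOTED")
        print(f'{r["scheme"]:<16} {kind:<10} {r["command"]}')
```

Each line of the report is a program that a link in a web page can launch with the URL as its argument, so it is also the list of handlers to check when deciding which ones are not needed.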

Hi malware fighters,

There is still something in the pipeline (literally) in the way of these URL-handling exploits, and they aren’t really that extremely intricate to build (|||“%” ;D). For those that do not use FF that much: you could remove the URL-handling protocols from your registry, and later, when the tide has calmed down, put them back again. The way to do this is given in this link:
http://msinfluentials.com/blogs/jesper/archive/2007/07/10/blocking-the-firefox-gt-ie-0-day.aspx

Seems to me these issues are gonna be as hot as weak CGI was a while ago (for those interested, google for polonus: sosnipo.html).
How it works can be found here: http://larholm.com/2007/07/25/mozilla-protocol-abuse/

http://www.ush.it/2007/07/25/clientside-security-hardening-mozilla-firefox/

and what they do about it:
https://bugzilla.mozilla.org/attachment.cgi?id=273260&action=diff

pol

Hi malware fighters,

After just one day the new critical hole in FF has been patched:
https://bugzilla.mozilla.org/show_bug.cgi?id=389580
Also the other hole has been patched:
https://bugzilla.mozilla.org/show_bug.cgi?id=389106
It looks now that IE has to take the blame…

polonus