Firefox is not alone in the critical vulnerability front today. Internet
Exploder Explorer has a validation flaw as well. Thor Larholm has posted an exploit PoC on his site.
There is an input validation flaw in Internet Explorer that allows you to specify arbitrary arguments to the process responsible for handling URL protocols. This is the same type of input validation vulnerability that I discovered in the Safari 3 beta (see â€œSafari for Windows, 0day exploit in 2 hoursâ€œ).
When Firefox is installed it registers a URL protocol handler called â€œFirefoxURLâ€. A typical shell open command for this handler is as follows:
C:\\PROGRA~1\\MOZILL~2\\FIREFOX.EXE -url â€œ%1â€³ -requestPending
When Internet Explorer encounters a reference to content inside the FirefoxURL URL scheme it calls ShellExecute with the EXE image path and passes the entire request URI without any input validation.
[tags]IE Exploit, Internet Explorer Exploit, Validation Flaw, 0 Day[/tags]