Linux Today: Linux News On Internet Time.
Search Linux Today
search.internet.com
Linux News Sections: Blog - Developer - High Performance - Infrastructure - IT Management - Security - Storage -
Linux Today Blog
Linux Today Navigation
LT Home
Preferences
Contribute
Link to Us
Search
Linux Jobs

Marketplace Partners

internet.commerce
Be a Commerce Partner

The Linux Channel at internet.com
Linux Today
Enterprise Linux Today
Apache Today
JustLinux.com
Linux Planet
PHPBuilder
All Linux Devices
Technology Jobs

searchcats.jpg
search.jpg

February 2009
Sun Mon Tue Wed Thu Fri Sat
1 2 3 4 5 6 7
8 9 10 11 12 13 14
15 16 17 18 19 20 21
22 23 24 25 26 27 28

Chicken? Or the Egg?

By Brian Proffitt on July 12, 2007 10:24 PM | | Comments (0)

There's this debate right now going on about a security hole in Firefox.

I haven't linked to any of the coverage on Linux Today, because it seems to be a Windows-only issue. Interestingly, this exploit seems to also depend on Internet Explorer, and right now security analysts can't seem to decide which browser is more at fault.

Here's what's happening.

If an IE user clicks on a firefoxurl: URI, the new page is launched in Firefox. According to Steve Kerrison over at Hexus:

Thor Larholm, discoverer of the flaw, writes: "it is possible to specify arbitrary arguments to the 'firefox.exe' process. This is where the '-chrome' command line argument comes in handy, as it allows us to specify arbitrary Javascript code which is then executed within the privileges of trusted Chrome content..."

The debate comes in with these two sides of the argument: IE lets the fake request through, but Firefox still accepts it. Which, then, is more at fault?

Well, seeing how this fault isn't showing up on Linux, or OS X for that matter, the fault clearly lies with...

Windows, perhaps the biggest exploit of them all.

Categories:

Leave a comment


All times are recorded in UTC.
Linux is a trademark of Linus Torvalds.
Powered by Linux, Apache and PHP

internet.comearthweb.comDevx.commediabistro.comGraphics.com

Search:

Jupitermedia Corporation has two divisions: Jupiterimages and JupiterOnlineMedia

Jupitermedia Corporate Info

Legal Notices, Licensing, Reprints, Permissions, Privacy Policy.
Advertise | Newsletters | Tech Jobs | Shopping | E-mail Offers

Solutions

Whitepapers and eBooks

Microsoft Whitepaper: Total Economic Impact of SQL Server 2008 Upgrade
Internet.com eBook: Becoming a Better Project Manager
Nokia Whitepaper: Improving Performance Across Platforms with Qt and Multithreading
Microsoft Partner Portal: Helping Customers in a Down Economy
Small Business Solution Exchange: Is It Time for VoIP?
  Internet.com eBook: Web Development Frameworks for Java
Adobe eBook: Open Up the Knowledge in Your Organization
Internet.com eBook: Developing a Content Management System Strategy
MORE WHITEPAPERS, EBOOKS, AND ARTICLES

Webcasts

Microsoft Video: Quick Start Your Windows Azure Development
Microsoft Partner Portal Video: Microsoft Gold Certified Partners Build Successful Practices
   HP On Demand Webcast: Grid Computing Meets Business
MORE WEBCASTS, PODCASTS, AND VIDEOS

Downloads and eKits

Microsoft Download: SQL Server 2008--180-Day Trial
Microsoft Download: Silverlight 2 SDK
30-Day Trial: SPAMfighter Exchange Module
Iron Speed Designer Application Generator
   Microsoft Download: Silverlight 2 Developer Runtime (Windows)
Amyuni Download: PDF and XPS Engine for Your .NET and ActiveX Applications
MORE DOWNLOADS, EKITS, AND FREE TRIALS

Tutorials and Demos

Microsoft Article: RIA Apps For Python and Ruby Developers--Made Possible With Silverlight 2
Access Silverlight Hosting Resources
Microsoft Article: Getting Started with Silverlight for Eclipse
   Internet.com Hot List: Get the Inside Scoop on the Hottest IT and Developer Products
MORE TUTORIALS, DEMOS AND STEP-BY-STEP GUIDES