Author Topic: The new critical “firefoxurl” URI Handler Registration Vulnerability

Offline polonus

Hi malware fighters,

We mentioned lately here on this forum a critical hole in FF that makes it possible for arbitrary code to be executed through malicious code on certain visited websites. The motto stays as ever: "Watch where you click". The latest version of NoScript has also provided full protection against this critical vulnerability for over 20 days now.

Another possibility to solve this problem, after installing FF, is to disable the firefox URI handler as follows:

“firefoxurl” URI Handler Registration Vulnerability solution:

   1. Disable the “Firefox URL” URI handler.

      How is that done then, people ask?
   2. Polonus Says:
      This could be a way to do it, save existing registry first:

      Open Windows Explorer, like enter My Computer (Not Firefox or any other browser).
      Click “Tools” in the top menu, find “Folder Options…”

      Select “File Types”, find:

      (NONE) Firefox URL

      Delete it.

    3. That's all, folks,

polonus



« Last Edit: July 13, 2007, 10:05:15 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!
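
The "save existing registry first" step from the post above, as an added PowerShell example that is not part of the original thread. It assumes URL protocol handlers are the HKEY_CLASSES_ROOT keys carrying the standard "URL Protocol" value and that the description shown under File Types ("Firefox URL") is the key's default value; `$BackupDir` is a hypothetical path.

```powershell
# Added example, not from the thread. Lists every registered URL protocol
# handler and backs up the one shown as "Firefox URL" before it is deleted.
# Assumptions: a handler is any HKEY_CLASSES_ROOT key carrying the standard
# "URL Protocol" value; the File Types description equals the key's default
# value; $BackupDir is a hypothetical location.
param(
    [string]$Description = 'Firefox URL',
    [string]$BackupDir   = (Join-Path $env:USERPROFILE 'uri-handler-backup')
)

$handlers = Get-ChildItem 'Registry::HKEY_CLASSES_ROOT' -ErrorAction SilentlyContinue |
    Where-Object { $_.GetValueNames() -contains 'URL Protocol' } |
    ForEach-Object {
        $cmdKey = $_.OpenSubKey('shell\open\command')
        [pscustomobject]@{
            Scheme      = $_.PSChildName
            Description = $_.GetValue('')
            Command     = if ($cmdKey) { $cmdKey.GetValue('') } else { $null }
        }
    }

# Review what each scheme launches; "%1" is where the URL is substituted.
$handlers | Sort-Object Scheme | Format-Table -AutoSize -Wrap | Out-Host

$targets = @($handlers | Where-Object { $_.Description -eq $Description })
if ($targets.Count -eq 0) {
    Write-Output "No URL protocol handler described as '$Description' is registered."
}
foreach ($h in $targets) {
    New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null
    $file = Join-Path $BackupDir "$($h.Scheme).reg"
    # reg.exe export writes the whole key, including shell\open\command.
    reg.exe export "HKCR\$($h.Scheme)" $file /y | Out-Null
    if ($LASTEXITCODE -eq 0) { Write-Output "Saved $($h.Scheme) to $file" }
    else { Write-Warning "Export of $($h.Scheme) failed" }
}
```

The saved `.reg` file can be re-applied with `reg import` when the handler is wanted again.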

Offline DavidR

That is an awful lot of trouble to go to, when if you visit one of these sites (with the malicious link) and you are using Firefox, even without NoScript, Firefox pops up an alert window about launching an external application (or words to that effect).

The simple option is don't use IE for browsing and the cross browser vulnerability is not a problem.

I don't know what the ramifications are of disabling the “Firefox URL” URI handler for normal browsing with Firefox, and having edited that setting most people will forget about it and probably never enable it as and when a patch is issued. This could potentially leave you vulnerable in the future because of any update/patch to the URL Handler.

I think this is a sledgehammer to crack a nut, when you exclude the real culprit, IE, from the equation and there is no cross-browser vulnerability.

Offline polonus

Hi DavidR,

I do not present it here for everybody to implement this. To me it also smells of overkill. I just put this here as I found it for those technically adept that sought a permanent solution until the item has been patched or their browser is taken a version up. No, I would not expect you to do this; with the latest (and that is true only of the latest) version of NoScript you have all the protection you need.
But as you know, polonus, as you have read in the other thread on this zero-day hole, studied thoroughly all the various ways in which this hole (because of the very intricate interplay between IE and FF here) could be exploited (see the other thread), and here I added another way to block it, and I must admit this sounds like a rather drastic one, shooting a fly with a cannon! By the way, look for the solution offered with bug 384384.

polonus
« Last Edit: July 15, 2007, 05:45:00 PM by polonus »