Vigil@nce: Firefox 3.0, no warning
June 2008 by Vigil@nce
SYNTHESIS
When user clicks on a link such as mailto, and if a warning
message is configured, this warning is not displayed.
Gravity: 1/4
Consequences: disguisement
Provenance: document
Means of attack: no proof of concept, no attack
Ability of attacker: expert (4/4)
Confidence: unique source (2/5)
Diffusion of the vulnerable configuration: high (3/3)
Creation date: 19/06/2008
Identifier: VIGILANCE-VUL-7903
IMPACTED PRODUCTS
– Mozilla Firefox [confidential versions]
DESCRIPTION
When users click an a "mailto:" uri, an external software is
called to compose an email. Users can configure Firefox to be
warned before calling the software, via about:config :
network.protocol-handler.warn-external.mailto = true
network.protocol-handler.warn-external.news = true
network.protocol-handler.warn-external.nntp = true
network.protocol-handler.warn-external.snews = true
However, Firefox 3.0 does not honour this configuration and
directly opens the external software.
If the external software has a vulnerability, it will thus be
exploited as soon as the user clicks on the link.
CHARACTERISTICS
Identifiers: VIGILANCE-VUL-7903