Internet Explorer 7 and Firefox 2.0 share a logic flaw. The issue is actually more severe, because these two versions of the Microsoft and Mozilla browsers are not the only ones affected: the vulnerability impacts Internet Explorer 5.01, Internet Explorer 6 and Internet Explorer 7, and also Firefox 126.96.36.199. Microsoft has stressed that IE7 on Windows Vista is not affected in any manner.
IE, Firefox Share Vulnerability
About The Author
Follow me on Twitter @thomholwerda
2007-02-27 6:37 pm Tanner
Is this FUD?
So for you Firefox is a reverse engineered version of IE…
Don’t you know that HTML is a markup language universally known, so you can make yourself your personal rendering engine for html pages.. Would it be a reverse-engineered version of MS Internet Explorer? ….
-__- my god.
2007-02-27 9:15 pm Nico57
Don’t think that’s the way he meant it.
Try it again changing IE for Firefox and vice versa.
I tried the demonstration at:
And nothing happened. This is Firefox 188.8.131.52 on XP. Perhaps the demonstration is buggy.
2007-02-27 6:54 pm pandronic
It worked here.
Firefox 184.108.40.206, WinXP SP2, running with admin user.
2007-02-27 10:49 pm cg0def
hey dude, I am running XP SP2 with all the latest patches applied and Firefox 2.0.2 and this exploit NO LONGER WORKS. So next time get your story straight and then post.
2007-02-28 12:35 am umccullough
>> I am running XP SP2 with all the latest patches applied and Firefox 2.0.2 and this exploit NO LONGER WORKS
Same here, and it works fine. Damn, must suck when you can’t even get a perfectly working exploit to work
2007-02-28 1:05 am smitty
Just to reiterate, yes it does work with Firefox 220.127.116.11 and XP SP2.
2007-02-28 8:01 pm Snifflez
Are you logged as an admin or a user with ‘read’ rights to C:\boot.ini?
This doesn’t really surprise me – but I wouldn’t have thought of it
For the record, it does work on my system… but I have to type very slowly as it’s shifting focus around and has a hard time keeping up.
Edited 2007-02-27 18:51
how does the test work in linux? my boot drive is hdb1, incidentally i like penguins?
The example won’t work on my machine, since my boot.ini is on F:
Worth noting it doesn’t work in Opera either.
Yeah, sure, since Vista doesn’t have a boot.ini it’s not affected.
2007-02-27 9:21 pm umccullough
Good point – in fact I believe I read that this problem exists on Firefox on Linux as well – allowing the upload of a file that the user has access to (i.e. /etc/passwd if the user is root) – would be interesting to see the same exploit written for that scenario
update: oh, someone did
Edited 2007-02-27 21:30
2007-02-28 1:07 pm dylansmrjones
Doesn’t work too well. One has to write very very slowly for the example to work. But it does illustrate it, though.
2007-02-28 1:48 am deathshadow
>> Yeah, sure, since Vista doesn’t have a boot.ini
>> it’s not affected.
The example doesn’t work – the technique itself DOES. Theoretically you could pull any file, so long as you were able to get the user to type in ALL the characters in the filename in the order you want them... Which is why embedding this into a blog, forums or any other large text entry box could be an easy way to gather information…
The above paragraph for example, could (in theory) be used to pull info.txt from the current default browser upload directory (notice the bits in italic)
Would be interesting to see if it could be exploited by making it look like some kind of captcha.
Edited 2007-02-28 01:49
2007-02-28 3:51 am Nico57
😀 <- This is a smiley, Mr. “I know better” Deathshadow. It’s supposed to express a humorous meaning. Since Vista not having a boot.ini is no fun at all, there must be a catch…
Running Ubuntu Edgy with Firefox 18.104.22.168 and it does not work.
By default, Konqueror asks the user for confirmation when sending a local file. Simple and effective, whatever tricks the webpage may use to set the input to a malicious value.
2007-03-01 3:22 am umccullough
>> Konqueror asks the user for confirmation when sending a local file
And I would hope this is exactly what will be done with Firefox. That feature along with whitelisting support should be sufficient, and I mean jeez – how often do people upload to a website. Usually one uses just a few such sites regularly (email, photo sharing…)
Not sure about IE, Microsoft has a habit of doing stupid things to “fix” exploits.
A piece of software has a bug in it. Software reverse-engineered from the main piece of software has the same bug in it. Film at 11.