'Highly Critical' Flaw in Firefox 2.0
Security firm Secunia has issued an advisory regarding a newly discovered "highly critical" security flaw in Firefox 2.0 and later, which involves a special URI handler. Although the problem was initially attributed to Internet Explorer by researcher Thor Larholm, Firefox is the culprit.
According to Secunia, "Firefox registers the "firefoxurl://" URI handler and allows invoking Firefox with arbitrary command line arguments." This means that a malicious site visited in Internet Explorer could pass parameters using that URI handler that would be run automatically in Firefox, without any sort of validation. The firm suggests not visiting untrusted sites until the problem is resolved.