Closed Bug 365286 Opened 18 years ago Closed 14 years ago

Firefox launches external browser - e.g. IE6.

Product/Component: Firefox :: General
Type: defect
Version: 2.0 Branch
Platform: x86, Windows XP
Priority: Not set
Severity: normal
Status: RESOLVED INCOMPLETE
Reporter: bugzilla.noneoff
Assignee: Unassigned

Details

User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.9) Gecko/20061206 Firefox/1.5.0.9
Build Identifier: see in details

Firefox allows launching an external browser - the default browser (IE) on the OS - with a specific URL.

Tested on 1.5.0.9 and 2.0P.

Reproducible: Always

Steps to Reproduce:
To reproduce the problem:
Create a WMP object.
The media *content* is in ASX format (XML-like - http://www.microsoft.com/windows/windowsmedia/howto/articles/adsolutions.aspx),
which embeds an HTML file.
In the HTML file, use an SWF object that launches a URL with the ActionScript command getURL(). (Not checked with JS.)


Actual Results:  
Launches the default browser, IE6.

Expected Results:  
Launch only in Firefox, or even better, block the launching from the WMP object.

WMP renders the HTML with the IE engine, and when the SWF object requests a URL it uses IE as the current browser.

I don't see the security problem here... if someone has IE as their default browser then you shouldn't be surprised when the OS picks IE to handle browser content. Note that it is not Firefox launching IE in this case, it's WMP, and Firefox has no control over what a plugin does with its content (which is why you should only install plugins you trust and that are well maintained).
Group: security
AFAIK, if Media Player is installed, Firefox will use it if required.

Also, this add-on appears on the Mozilla main site.
https://addons.mozilla.org/firefox/plugins/
Try looking at it from a basic user's perspective.


I am sure I am not the only one who has this type of configuration, and there are many users out there for whom this "functionality" works on their PC,
and who know that when they surf with Firefox they're safe.

Not only does this expose the user to any known or unknown IE engine vulnerability, it also gets past the popup blocker.

If Firefox is unable to control it, I understand; I am just bringing it to your awareness.
Component: Security → General
QA Contact: firefox → general
Version: unspecified → 2.0 Branch
This bug was reported on Firefox 2.x or older, which is no longer supported and will not be receiving any more updates. I strongly suggest that you update to Firefox 3.6.3 or later, update your plugins (flash, adobe, etc.), and retest in a new profile. If you still see the issue with the updated Firefox, please post here. Otherwise, please close as RESOLVED > WORKSFORME
http://www.mozilla.com
http://support.mozilla.com/kb/Managing+profiles
http://support.mozilla.com/kb/Safe+mode
No reply, INCOMPLETE. Please retest with Firefox 3.6.x or later and a new profile (http://support.mozilla.com/kb/Managing+profiles). If you continue to see this issue with the newest firefox and a new profile, then please comment on this bug.
Status: UNCONFIRMED → RESOLVED
Closed: 14 years ago
Resolution: --- → INCOMPLETE