This page makes Firebird opens Internet Explorer (vbscript: protocol)

RESOLVED FIXED

Status

()

Firefox
General
RESOLVED FIXED
15 years ago
14 years ago

People

(Reporter: Eric Harding, Assigned: Blake Ross)

Tracking

Firefox Tracking Flags

(Not tracked)

Details

(Whiteboard: [sg:fix], URL)

(Reporter)

Description

15 years ago
User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.6a) Gecko/20031021 Firebird/0.7+
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.6a) Gecko/20031021 Firebird/0.7+

I'm using windows XP Service pack 1 and am logged in as an administrator.  The
XP themes service is turned on.  Firebird is set to be my default browser and is
using the default theme.  I am also able to reproduce this bug on a friend's
computer with windows 2000.  The error does not occur in mozilla 1.5 or in a
linux build of firebird.  When I navigate to the given url or refresh the window
an Internet Explorer window opens with a document containing some fragments of
vbscript code.

Reproducible: Always

Steps to Reproduce:
1. Browse to URL

Actual Results:  
An internet explorer window opens with the following content: <HTML><SCRIPT
LANGUAGE=vbscript>var __w=[code];if(__w!=null)document.write(__w);</SCRIPT></HTML> 



Since this bug opens internet explorer which is less likely to be kept up to
date by a firebird user it might be possible to use this to open an internet
explorer window and exploit unpatched vulnerabilities there.

Comment 1

15 years ago
This was fixed for Seamonkey in bug 163648.  Maybe the prefs just need to be
copied over.
Status: UNCONFIRMED → NEW
Ever confirmed: true
Summary: Internet explorer (which is the non-default browser) opens in a new window when navigating to this page in firebird → This page makes Firebird opens Internet Explorer (vbscript: protocol)
Clearing confidential flag since bug 163648 is public and Firefox is an obvious
next thing to test. This is fixed by bsmedberg's pref-unification changes that
made the 'birds pick up the default GRE prefs.
Group: security
Status: NEW → RESOLVED
Last Resolved: 14 years ago
Resolution: --- → FIXED
Whiteboard: [sg:fix]
*** Bug 243383 has been marked as a duplicate of this bug. ***
You need to log in before you can comment on or make changes to this bug.