User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.6a) Gecko/20031021 Firebird/0.7+ Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.6a) Gecko/20031021 Firebird/0.7+ I'm using windows XP Service pack 1 and am logged in as an administrator. The XP themes service is turned on. Firebird is set to be my default browser and is using the default theme. I am also able to reproduce this bug on a friend's computer with windows 2000. The error does not occur in mozilla 1.5 or in a linux build of firebird. When I navigate to the given url or refresh the window an Internet Explorer window opens with a document containing some fragments of vbscript code. Reproducible: Always Steps to Reproduce: 1. Browse to URL Actual Results: An internet explorer window opens with the following content: <HTML><SCRIPT LANGUAGE=vbscript>var __w=[code];if(__w!=null)document.write(__w);</SCRIPT></HTML> Since this bug opens internet explorer which is less likely to be kept up to date by a firebird user it might be possible to use this to open an internet explorer window and exploit unpatched vulnerabilities there.
This was fixed for Seamonkey in bug 163648. Maybe the prefs just need to be copied over.
Status: UNCONFIRMED → NEW
Ever confirmed: true
Summary: Internet explorer (which is the non-default browser) opens in a new window when navigating to this page in firebird → This page makes Firebird opens Internet Explorer (vbscript: protocol)
Clearing confidential flag since bug 163648 is public and Firefox is an obvious next thing to test. This is fixed by bsmedberg's pref-unification changes that made the 'birds pick up the default GRE prefs.
Status: NEW → RESOLVED
Last Resolved: 14 years ago
Resolution: --- → FIXED
*** Bug 243383 has been marked as a duplicate of this bug. ***
You need to log in before you can comment on or make changes to this bug.