306317 - Seamless override of iexplore.exe

Status: RESOLVED WONTFIX

(Firefox :: Shell Integration, enhancement)

Description

[Sam Johnston]

User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.2; en-GB; rv:1.7.10) Gecko/20050717 Firefox/1.0.6
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.2; en-GB; rv:1.7.10) Gecko/20050717 Firefox/1.0.6

It is possible to cause Firefox to open whenever iexplore.exe is executed (eg at
the CreateProcess level) by creating the following registry key:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File
Execution Options\iexplore.exe]
"Debugger"="C:\\Program Files\\Mozilla Firefox\\firefox.exe /dummy"

This means that Internet Explorer links will start firefox while retaining the
Internet Explorer logo, and anything which calls iexplore.exe directly will also
start Firefox. The '/dummy' argument causes firefox to ignore the iexplore.exe
which is automatically appended (this functionality is, after all, intended for
use by debuggers), yet it is still possible to open URLs by calling eg
'iexplore.exe http://www.mozilla.org', which becomes 'firefox.exe /dummy
iexplore.exe http://www.mozilla.org'. A command line option which caused firefox
to ignore the iexplore.exe and correctly process iexplore.exe command line
arguments would make for truly seamless integration.

SysInternals' Process Explorer application uses this to provide a 'Replace Task
Manager' option and I would like to see Firefox provide a similar 'Replace
Internet Explorer' option. This would be useful for users who wish to ensure
that Firefox is always used instead of Internet Explorer, usually to improve
security in corporate or hostile environments (schools, internet cafes, etc.)
but it would also be useful for home users.

There was (temporarily) an option to provide similar functionality in the
Add/Remove Programs applet, but that option appears to have vanished in my
windows 2003 server installation. I'm not sure how that functionality was
implemented, but I suspect it was through associations.



Reproducible: Always

Comment 1

[Dave Townsend [:mossop]]

To my understanding this would make it impossible for users to still use
Internet Explorer, making it impossible for them to get any updates for their
operating system or any of the other array of products that use Windows Update,
Office Update or the similar update services.

I hope this will be a WONTFIX.

Comment 2

[Sam Johnston]

(In reply to comment #1)
> To my understanding this would make it impossible for users to still use
> Internet Explorer, making it impossible for them to get any updates for their
> operating system or any of the other array of products that use Windows Update,
> Office Update or the similar update services.

wuauclt.exe installs updates in the background without opening iexplore.exe or
requiring user intervention. It is installed with Windows 2000 Service Pack 3 or
Windows XP SP1, or can be downloaded from
http://www.microsoft.com/windows2000/downloads/recommended/susclient/default.asp

Presumably Microsoft Update operates in the same fashion, although I'm not sure
if/when they'll release the new client through the existing one... or whether
pointing IE at http://update.microsoft.com will be reqired for non-corporate
users (WSUS users will be updated).

Since when was installing software through browsers a good idea anyway?

> I hope this will be a WONTFIX.

Perhaps this is best not exposed to the masses and would be better as an
about:config setting; perhaps functionality will change; perhaps virus scanners
will see it as an attack vector and warn/change these settings; any which way
it's good to see some discussion about it.

I know I personally would like the option of ensuring ieplore.exe never runs
without having to risk the stability of my system by uninstalling it.

Comment 3

[Mike Connor [:mconnor]]

We're not going to carry around code that uses a registry trick to effectively
break Internet Explorer.  If people want to do this, they can hack their own
registry or get some sort of utility that'll do this hack.