User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:18.104.22.168) Gecko/20061206 Firefox/22.214.171.124 Build Identifier: see in details firefox allow luanching external browser - the defualt browser(IE) on the OS with a specific url. tested on 126.96.36.199 and 2.0P Reproducible: Always Steps to Reproduce: to reproduce the problem: create an WMP object the media *content* is ASX format (XML LIKE -http://www.microsoft.com/windows/windowsmedia/howto/articles/adsolutions.aspx), that embed an html file. in the html file use an SWF object the luanche a url with ActionScript command getURL(). (not checked with js) Actual Results: luanche the defualt browser, IE6 Expected Results: launche only in firefox or even better block the launching from wmp object wmp render the html with IE engine. and when SWF object request url its use the IE as the current browser.
I don't see the security problem here... if someone has IE as their default browser then you shouldn't be surprised when the OS picks IE to handle browser content. Note that it is not Firefox launching IE in this case, it's WMP, and Firefox has no control over what a plugin does with its content (which is why you should only install plugins you trust and that are well maintained).
AFAIK, if media player is installed firefox will use it, if require. also this addon appear on mozilla main site. https://addons.mozilla.org/firefox/plugins/ try look at it from a basic user prespective. I am sure I am not the only one who have this type of configuration, and there is many users out there that this "functionality" work on there pc. and knowledged that when they surf with firefox they're safe. not just this expose the user to any known or unknowed IE engine vulnerabilty, its pass the popup blocker. if firefox is unable to control it, i understand, i just bring it to conscious.
Component: Security → General
QA Contact: firefox → general
Version: unspecified → 2.0 Branch
This bug was reported on Firefox 2.x or older, which is no longer supported and will not be receiving any more updates. I strongly suggest that you update to Firefox 3.6.3 or later, update your plugins (flash, adobe, etc.), and retest in a new profile. If you still see the issue with the updated Firefox, please post here. Otherwise, please close as RESOLVED > WORKSFORME http://www.mozilla.com http://support.mozilla.com/kb/Managing+profiles http://support.mozilla.com/kb/Safe+mode
No reply, INCOMPLETE. Please retest with Firefox 3.6.x or later and a new profile (http://support.mozilla.com/kb/Managing+profiles). If you continue to see this issue with the newest firefox and a new profile, then please comment on this bug.
Status: UNCONFIRMED → RESOLVED
Last Resolved: 8 years ago
Resolution: --- → INCOMPLETE
You need to log in before you can comment on or make changes to this bug.