Discovered by Thor Larholm, the danger “lies within the browser’s ‘firefoxurl://’ handler,” says the story, going on:
In this particular exploit, a user would have to be persuaded to click on a link containing that handler with Internet Explorer.
If they also have Firefox installed, the website owner could force Firefox to run malicious code without any sort of cross-application validation.
Larholm says it’s the same type of input validation vulnerability he discovered in the Safari 3 beta.
The vulnerability has been confirmed in Firefox version 22.214.171.124 on a fully patched Windows XP SP2, says Wired.
Wired – New Security Flaw Discovered in Mozilla Firefox, July 10, 2007