Firefox browsers are still vulnerable to attacks exploiting the animated cursor flaw that caused Microsoft to rush out a patch on April 3. Alexander Sotirov, the security researcher at Determina who first discovered the ANI flaw and reported it to Microsoft in December, has posted a video depicting successful ANI vulnerability exploits on both Internet Explorer 7 and Firefox 2.0 running on Vista in default mode.
In the video, Sotirov notes that turning on Protected Mode works to protect Vista running IE. Although the exploit gives an attacker access to all files on a system, Protected Mode prevents those files from being overwritten.
It turns out that Firefox uses the same vulnerable Windows component to process .ani files, Sotirov says in the video, “Which means it can be exploited in a way similar to Internet Explorer.”
Sotirov demonstrates opening a URL exploit while running Firefox and successfully getting a command shell connection. The shell again gives access to all system files, along with the privileges of the currently logged-on user. But because Firefox has no low-privilege mode similar to IE’s Protected Mode, an attacker can also overwrite system files as well.
Firefox, ANI, Exploits, Vulnerabilities