Interesting 0-day vulnerability in Firefox when installed in a box already running Internet Explorer (i.e. all Windows machines).
Firefox installs three protocol handlers, which lack some basic input validation. It seems that IE is able to launch Firefox in such a way that arbitrary commands are passed onto the shell (with the privileges of the current user)
Read the details at Jesper’s blog.
