Vulnerability Description: A serious vulnerability exists that causes Internet Explorer to launch Firefox and execute a malicious payload, sparking a debate about who is responsible for the flaw. Affected Browsers: The vulnerability affects Internet Explorer and Firefox when both are installed on the same machine. Exploit Mechanism: By luring an IE user to a maliciously crafted site, an attacker can cause Firefox to execute the code without proper security vetting. Mozilla's Response: Mozilla's Window Snyder wrote that Mozilla developers will patch Firefox to no longer accept bad data from IE, but only users browsing with Microsoft's browser were vulnerable. Microsoft's Position: Microsoft representatives argue that the vulnerability is not in their product, and that "most definitely" the problem isn't caused by IE. Solution Requirement: The fix will have to come from Mozilla, not Microsoft, as Firefox fails to properly validate the parameters. Exploit Example: A proof of concept exploit uses IE to hand off maliciously-scripted code to a Firefox handler known as "firefoxurl". Industry Opinions: Roger Thompson, CTO of Exploit Prevention Labs, believes Microsoft shares culpability because IE fails to properly validate input.