Run arbitary executables with Firefox

This is a test page demonstrating the use of a signed script to run arbitary executables on a user's machine.

First, install this certificate as a root authority for authenticating software developers. Note that this step will not be required in a production system, as one would be using a cert that was generated by a root authority that the user has already accepted or was preinstalled (i.e., Verisign, etc). To install the cert first download it and then go to Tools -> Options -> Advanced -> Security -> View Certificates -> Authorities -> Import and browse to where you saved the cert.

Now, follow this link. You will be prompted to allow a script from "myorg" to perform UNSAFE actions that may compromise your machine or data. You will then have to wait about 5 seconds before you can press the Allow button.

If everything worked and you're running on a Windows machine, you should see Calculator pop up. You might not if you didn't install your OS to c:\windows.

I do not believe this is a security flaw. It is up to the user to decide if they wish to run unsafe content on their machine or not. It is good that Firefox will only give the user this option if the content is signed. The timeout on the Allow button forces the user to read the dialog and consider the implications.

QuantumG
<< back to my home page