Firefox and IE spar over security

Key executives behind Internet Explorer and Firefox are each blaming the other for multiple Windows zero-day vulnerabilities.

In an entry on the IE blog, IE programme manager Markellos Diorinos said that the spate of protocol handler bugs involving the Microsoft browser is the fault of the other applications, not IE.

"The limitless variety of [third-party] applications and their unique capabilities make it very difficult to have any meaningful automated parameter validation by the hosting (caller) application," said Diorinos. In the vulnerabilities disclosed so far that involve Mozilla's Firefox browser and Cerulean Studios' Trillian instant messaging client, IE has been pegged as the application that calls on those programs' unique protocols.

Diorinos' comments came in response to the ongoing controversy about a flaw that involves both IE and Firefox. Last week, Danish researcher Thor Larholm, among others, put the onus on IE, and said that while Firefox registers the "firefoxurl://" protocol used in his proof-of-concept exploits, Mozilla's browser is an innocent bystander.

This week, other security researchers said a similar problem involved IE and the "aim" protocol used by Trillian, a multi-service instant messaging program, or for that matter, any AIM (AOL Instant Messenger) client.
