It was already true that an attacker could trick a user into copying a malicious link inside a file opened in Notepad to their browser; was that also a Remote Code Execution Vulnerability?
You can trick the user into copying the same malicious link, but browsers have generally already implemented the same mitigation that is Microsoft's fix for this issue inside Notepad (specifically, prompting before opening outside applications after the user enters or clicks a URL that isn't one of the built-in schemes).
It is also possible to use a different application as the http and file: URL handler at the OS level:
Write an app to display the (URL) argument passed and require the user to confirm or reject before running the browser using any of one or more default and configurable command line templates.
Add an "Install as default http, https, file:// uri handler" button in the settings GUI. Prompt the user to install the app as default handler on first run.
Add opt-in optional debug logging of at least: {source_app_path:, url:, date_opened: } to a JSON lines log file
JonathonW|4 days ago
westurner|4 days ago
dec0dedab0de|4 days ago
cyanydeez|4 days ago
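
The confirm-before-launch URL handler described in the thread above, as an added example that is not code from any commenter. The names `HANDLED_SCHEMES`, `BROWSER_TEMPLATE` and the functions are hypothetical, the `firefox` command line is an assumed default, and `source_app_path` is assumed to be supplied by the caller because finding the calling application is OS-specific.

```python
import json, shlex, subprocess, sys
from datetime import datetime, timezone
from urllib.parse import urlsplit

# Assumed defaults (hypothetical): schemes this handler is registered for, and one browser template.
HANDLED_SCHEMES = {"http", "https", "file"}
BROWSER_TEMPLATE = "firefox --new-tab {url}"  # configurable command line template

def describe(url):
    """Return what the user should see before confirming; reject any other scheme."""
    parts = urlsplit(url)
    if parts.scheme.lower() not in HANDLED_SCHEMES:
        raise ValueError(f"unhandled scheme: {parts.scheme!r}")
    return {"scheme": parts.scheme.lower(), "host": parts.hostname or "", "url": url}

def build_argv(template, url):
    """Split the template first, then substitute, so the URL stays one argv element."""
    return [tok.replace("{url}", url) for tok in shlex.split(template)]

def log_open(path, source_app_path, url):
    """Append one JSON Lines record with the fields named in the comment."""
    rec = {"source_app_path": source_app_path, "url": url,
           "date_opened": datetime.now(timezone.utc).isoformat()}
    with open(path, "a", encoding="utf-8") as fh:
        fh.write(json.dumps(rec) + "\n")
    return rec

def handle(url, confirm, launch, log_path=None, source_app_path=None):
    """Show, confirm, optionally log (opt-in via log_path), then launch without a shell."""
    info = describe(url)
    if not confirm(info):
        return False
    if log_path:
        log_open(log_path, source_app_path, url)
    launch(build_argv(BROWSER_TEMPLATE, url))
    return True

def ask(info):
    print(f"Open {info['url']}\n  scheme: {info['scheme']}  host: {info['host']}")
    return input("Open in browser? [y/N] ").strip().lower() == "y"

if __name__ == "__main__":
    sys.exit(0 if handle(sys.argv[1], ask, subprocess.Popen) else 1)
```

Registering the script as the default handler and drawing a GUI prompt are platform-specific and left out; `confirm` and `launch` are injected so either can be swapped in.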