Is IE partly to blame?
I've just attempted a number of different ways of launching this exploit, but can't seem to get it to execute except from IE.
* Attempting to launch it by pasting the URL into FF shows a warning with the full URL. Accepting this warning just brings up another warning about "firefoxurl:test". Accepting this one just brings up another, etc, creating a new tab each time.
* Attempting to launch it via the ShellExecute API doesn't work. FF warns about "firefoxurl:test", not the entire URL.
* Launching the URL from IE (either via the link or pasting the URL into the address bar) causes the exploit to run.
It certainly seems that IE is partly to blame, because it does something different in how it executes these links. Perhaps MS should patch IE so that it uses standard mechanisms to launch these links, rather than whatever method it currently uses.