dock0184
July 9th, 2004, 07:48 AM
Mozilla Fixes Security Flaw
Updates to Windows versions of Firefox, Thunderbird repair hole uncovered this week.
The Mozilla Foundation has urged users of its open-source Mozilla Application Suite, Firefox browser, and Thunderbird e-mail client to download a small patch to work around a security vulnerability discovered Thursday.
The patches download a configuration change which disables the use of the :shell external protocol handler for running external programs by clicking on a hyperlink.
The security handling of this command may enable attackers to run arbitrary programs on Windows systems. It appears no problems occur for Mozilla users running other operating systems, such as the Macintosh OS, Linux, or other Unix variants, the Mozilla Foundation programmers say in a statement on the organization's Web site, mozilla.org.
Vulnerable Versions
The vulnerability affects most versions of Mozilla, from version 1.7.0 and earlier. It also affects Firefox, in the current build 0.9.1 and earlier versions; and versions of Thunderbird, from release 0.7.1 and earlier.
Full new versions of the free products are also available from the site, according to the Mozilla Foundation. The nonprofit organization formed last year to develop and support the open source applications.
Source: http://www.pcworld.com/news/article/0,aid,116834,00.asp
It seems to me that Microsoft's engineers are working on other things. :fire
Updates to Windows versions of Firefox, Thunderbird repair hole uncovered this week.
The Mozilla Foundation has urged users of its open-source Mozilla Application Suite, Firefox browser, and Thunderbird e-mail client to download a small patch to work around a security vulnerability discovered Thursday.
The patches download a configuration change which disables the use of the :shell external protocol handler for running external programs by clicking on a hyperlink.
The security handling of this command may enable attackers to run arbitrary programs on Windows systems. It appears no problems occur for Mozilla users running other operating systems, such as the Macintosh OS, Linux, or other Unix variants, the Mozilla Foundation programmers say in a statement on the organization's Web site, mozilla.org.
Vulnerable Versions
The vulnerability affects most versions of Mozilla, from version 1.7.0 and earlier. It also affects Firefox, in the current build 0.9.1 and earlier versions; and versions of Thunderbird, from release 0.7.1 and earlier.
Full new versions of the free products are also available from the site, according to the Mozilla Foundation. The nonprofit organization formed last year to develop and support the open source applications.
Source: http://www.pcworld.com/news/article/0,aid,116834,00.asp
It seems to me that Microsoft's engineers are working on other things. :fire