AAPL Stock: 118.03 ( -0.85 )

Printed from

Firefox fixes security flaws

updated 03:35 pm EDT, Tue July 31, 2007

Firefox released has released Firefox, a new version of the popular, free open source browser that fixes two security flaws. The more serious flaw involves Firefox not percent-encoding spaces and double quotes in URLs passed to helper applications, which can allow malicious pages to launch programs with potentially dangerous command line parameters. The other vulnerability is a privilege elevation bug involving extensions, which was accidentally introduced in Firefox According to "The URL protocol handling flaw is a similar class of exploit to the firefoxurl:// URL vulnerability, which was fixed with the release of Firefox In the original firefoxurl:// exploit, an attacker could use Microsoft Internet Explorer to launch Firefox with malicious command line parameters. In the flaw fixed in Firefox, Firefox is used as the attack vector to start other applications with dangerous arguments. The exploit could be extended to execute any program in a known location, possibly passing dangerous command line parameters." The new release is available as a 17MB download.

by MacNN Staff




Login Here

Not a member of the MacNN forums? Register now for free.


Network Headlines

Follow us on Facebook


Most Popular


Recent Reviews

Ultimate Ears Megaboom Bluetooth Speaker

Ultimate Ears (now owned by Logitech) has found great success in the marketplace with its "Boom" series of Bluetooth speakers, a mod ...

Kinivo URBN Premium Bluetooth Headphones

We love music, and we're willing to bet that you do, too. If you're like us, you probably spend a good portion of your time wearing ...

Jamstik+ MIDI Controller

For a long time the MIDI world has been dominated by keyboard-inspired controllers. Times are changing however, and we are slowly star ...


Most Commented