toggle

AAPL Stock: 111.78 ( -0.87 )

Printed from http://www.macnn.com

Firefox 2.0.0.6 fixes security flaws

updated 03:35 pm EDT, Tue July 31, 2007

Firefox 2.0.0.6 released

mozilla.org has released Firefox 2.0.0.6, a new version of the popular, free open source browser that fixes two security flaws. The more serious flaw involves Firefox not percent-encoding spaces and double quotes in URLs passed to helper applications, which can allow malicious pages to launch programs with potentially dangerous command line parameters. The other vulnerability is a privilege elevation bug involving extensions, which was accidentally introduced in Firefox 2.0.0.5. According to mozilla.org "The URL protocol handling flaw is a similar class of exploit to the firefoxurl:// URL vulnerability, which was fixed with the release of Firefox 2.0.0.5. In the original firefoxurl:// exploit, an attacker could use Microsoft Internet Explorer to launch Firefox with malicious command line parameters. In the flaw fixed in Firefox 2.0.0.6, Firefox is used as the attack vector to start other applications with dangerous arguments. The exploit could be extended to execute any program in a known location, possibly passing dangerous command line parameters." The new release is available as a 17MB download.




by MacNN Staff

POST TOOLS:

TAGS :

toggle

Comments

Login Here

Not a member of the MacNN forums? Register now for free.

toggle

Network Headlines

toggle

Most Popular

MacNN Sponsor

Recent Reviews

Dell AD211 Bluetooth speaker

For all of the high-priced, over-engineered Bluetooth speakers in the electronics market, there is still room for mass-market solution ...

VisionTek 128GB USB Pocket SSD

USB flash drives dealt the death blow to both the floppy and Zip drives. While still faster than either of the old removable media, sp ...

Kodak PixPro SL10 Smart Lens Camera

Smartphone imagery still widely varies. Large Megapixel counts don't make for a good image, and the optics in some devices are lackin ...

toggle

Most Commented