Firefox 2.0.0.6 fixes security flaws

mozilla.org has released Firefox 2.0.0.6, a new version of the popular, free open source browser that fixes two security flaws. The more serious flaw involves Firefox not percent-encoding spaces and double quotes in URLs passed to helper applications, which can allow malicious pages to launch programs with potentially dangerous command line parameters. The other vulnerability is a privilege elevation bug involving extensions, which was accidentally introduced in Firefox 2.0.0.5. According to mozilla.org "The URL protocol handling flaw is a similar class of exploit to the firefoxurl:// URL vulnerability, which was fixed with the release of Firefox 2.0.0.5. In the original firefoxurl:// exploit, an attacker could use Microsoft Internet Explorer to launch Firefox with malicious command line parameters. In the flaw fixed in Firefox 2.0.0.6, Firefox is used as the attack vector to start other applications with dangerous arguments. The exploit could be extended to execute any program in a known location, possibly passing dangerous command line parameters." The new release is available as a 17MB download.

Filed under: software

top searches

1. apple

2. iphone

3. apple TV

4. ipod

5. mac

6. BBC

7. icons

8. icon

9. macbook

10. leopard

search for more ..

RSS Feeds

Have the latest content delivered to your desktop via RSS. Use the links below to get access to a specific blog, news, or reviews feed.

MacNN -all

MacNN Reviews

MacNN Podcasts

iPodNN

Electronista

Left Lane News

See all RSS feeds...

Want To Sell Your Laptop? Any Condition - receive Top Cash. Get an instant quote. Free shipping www.CashForLaptops.com
Buy from The Apple Store, iTunes.com, Amazon.com, TechDepot, OfficeDepot, Computers4Sure, or donate.

Have your product or service listed here.

Default Comment View
External Page Links
Comment Threading View