Firefox 2.0.0.5 release fixes bug with Internet Explorer

(No Ratings Yet)

Loading ...

Firefox 2.0.0.5 release fixes bug with Internet Explorer

Mozilla developers have released an updated Firefox edition that fixes the problem with Microsoft’s Internet Explorer.

The bug could have caused malicious code to run if the browser is launched by Microsoft’s Internet Explorer.

Both Microsoft and Mozilla claimed that the problem lied with the software from the other party.

Mozilla has now taken the initiative by releasing the fix which now patches the bug.

Mozilla added in a statement that the update would be delivered automatically to the users who have not disabled this specific option.

The developers added that this latest release also fixes seven other vulnerabilities. At least two of these are considered “critical” by Mozilla.

smoker | July 19th, 2007 at 04:53 pm

Description
Internet Explorer calls registered URL protocols without escaping quotes and may be used to pass unexpected and potentially dangerous data to the application that registers that URL Protocol.

The vulnerability is exposed when a user browses to a malicious web page in Internet Explorer and clicks on a specially crafted link. That link causes Internet Explorer to invoke another Windows program via the command line and then pass that program the URL from the malicious webpage without escaping the quotes. Firefox and Thunderbird are among those which can be launched, and both support a “-chrome” option that could be used to run malware.

Note: Other Windows applications can be called in this way and also manipulated to execute malicious code. This fix only prevents Firefox and Thunderbird from accepting bad data. This patch does not fix the vulnerability in Internet Explorer.

Workaround
Mozilla highly recommends using Firefox to browse the web to prevent attackers from exploiting this problem in Internet Explorer.
smoker | July 19th, 2007 at 04:55 pm

My workaround is Fedora Core !