A new flaw in Firefox has been discovered, one that could potentially lead to system compromise. Affecting only Windows-based machines, the flaw can be triggered by something as simple as clicking a special link
, one crafted by someone looking to exploit:
The vulnerability resides in the way Firefox handles uniform resource identifiers, the protocols that allow the browser to access software and other resources located on a PC. The browser fails to properly vet at least five different URIs, a flaw that could allow an attacker to install malware on a PC simply by convincing a victim to click on a doctored link.
This type of flaw could be exploited in places far beyond just browsers however, and could include documents or emails containing a bad URI. This comes just a short time after a flaw involving both IE and Firefox was discovered
and then patched.
These days, it is rare to see a single week go by without a new flaw being discovered in the kings of the browser market. The increasing complexity browser, increased number of people using the Internet and the wider range of platforms being used have all played a part in this. More people means more targets, more targets means more incentive for people to exploit others.
That aside, developers are aware that software is more vulnerable when many hands are on it, so hopefully we will see a patch from Mozilla soon.