also @ TechSpot: Top PC Games for this Holiday Season and Beyond

Most Popular

Top Stories Commented  Featured 

Weekend Open Forum: Have you upgraded to Windows 7 yet? What is there to like/not?  featured

Tech Tip of The Week: Turn Off your Display Using a Windows Shortcut and More  featured

Netflix PS3 streaming arrives tomorrow

Dell's ultra-thin Adamo XPS to ship soon for $1,799

Windows 7 crushed Vista in early launch sales

AMD and PC vendors delay products amid GPU shortage

Nvidia Tegra 2 to double performance, arrive next year?

Google touts privacy and transparency with Dashboard

More Top Stories

Downloads & Drivers

Downloads   Drivers  

GMABooster 2.1a

Power Plan Assistant for Windows 7 v1.2b

Picasa 3.5.0.79.81

Adobe Shockwave Player 11.5.2.602

FileZilla 3.3.0 RC1

More Downloads

TS Community

Recent Discussion   User Gallery  

Weekend Open Forum: Have you upgraded to Windows 7 yet? What is there to like/no...

Best graphics card upgrade for HP Pavilion a6827c-b

Dragon Age: Origins low fps and lag

E-Machine ET-1641 freezing/startup repair

Google reveals Android 2.0 features

More at the Forum

Subscribe

Newsletter Our Feeds

Receive weekly updates on new articles, news and contests in your mail!

Email address:

Information Technology

Mozilla releases Firefox 2.0.0.6, patches two vulnerabilities

By Jose Vilches, TechSpot.com
Published: July 31, 2007, 10:35 AM EST
Mozilla’s popular alternative browser received yet another security update today with the release of 2.0.0.6. The new update addresses two security holes, one of them rated as critical and the other as moderate. The critical “unescaped URIs passed to external programs” flaw allowed single URIs handed off to external programs to be interpreted as multiple arguments:

When running Firefox on Windows XP with IE7 installed, URIs for certain common protocols (such as mailto:) that contain a %00 won't necessarily launch the protocol handler registered for that scheme but will instead launch a file-handling program based on the file extension at the end of the URI. This appears to allow execution of any program installed at a known location and might be enough to exploit a system.
The second issue deals with a privilege escalation vulnerability that could enable add-ons to create "about:blank" windows and populate them in certain ways. Firefox users can download 2.0.0.6 from our download section or use the auto update function within the browser.

Related Stories

Post a comment
RSS