Mozilla releases Firefox 2.0.0.6, patches two vulnerabilities
Mozilla’s popular alternative browser received yet another security update today with the release of 2.0.0.6. The new update addresses two security holes, one of them rated as critical and the other as moderate. The critical “unescaped URIs passed to external programs” flaw allowed single URIs handed off to external programs to be interpreted as multiple arguments:
When running Firefox on Windows XP with IE7 installed, URIs for certain common protocols (such as mailto:) that contain a %00 won't necessarily launch the protocol handler registered for that scheme but will instead launch a file-handling program based on the file extension at the end of the URI. This appears to allow execution of any program installed at a known location and might be enough to exploit a system.
The second issue deals with a privilege escalation vulnerability that could enable add-ons to create "about:blank" windows and populate them in certain ways. Firefox users can download 2.0.0.6 from our download section or use the auto update function within the browser.
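The class of check that the critical flaw calls for, as an added example that is not Mozilla's fix or code from the advisory: a URI is validated before it is handed to an external protocol handler. The names `ALLOWED_SCHEMES` and `checkExternalUri`, the one-entry allowlist and the sample URIs are assumptions made for illustration.

```javascript
// Added example: checks run before a URI is handed to an external protocol handler.
// ALLOWED_SCHEMES and checkExternalUri are hypothetical names, not Firefox code.
const ALLOWED_SCHEMES = new Set(["mailto"]); // assumed allowlist for this sketch

function checkExternalUri(uri, allowed = ALLOWED_SCHEMES) {
  const reasons = [];
  const m = /^([A-Za-z][A-Za-z0-9+.-]*):/.exec(uri);
  if (!m) return { ok: false, reasons: ["no scheme"], trailingExtension: null };
  const scheme = m[1].toLowerCase();
  if (!allowed.has(scheme)) reasons.push("scheme not allowed: " + scheme);

  // Raw whitespace, double quotes or control characters can make a command
  // line split one URI into several arguments.
  if (/[\s"\u0000-\u001f\u007f]/.test(uri)) reasons.push("unescaped character");

  // Every '%' must begin a two-digit hex escape.
  if (/%(?![0-9A-Fa-f]{2})/.test(uri)) reasons.push("malformed percent escape");

  // %00 is the trigger described in the advisory text: reject it outright and
  // record the extension at the end of the URI for log triage.
  let trailingExtension = null;
  if (/%00/.test(uri)) {
    reasons.push("encoded NUL (%00)");
    const ext = /\.([A-Za-z0-9]{1,8})$/.exec(uri);
    if (ext) trailingExtension = ext[1].toLowerCase();
  }
  return { ok: reasons.length === 0, reasons, trailingExtension };
}

// Constructed sample inputs (not taken from the advisory).
const samples = [
  "mailto:someone@example.com?subject=hello%20world",
  "mailto:someone@example.com%00note.txt",
  'mailto:someone@example.com" second-arg',
];
for (const s of samples) console.log(JSON.stringify(s), checkExternalUri(s));
```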



