Mozilla releases Firefox 2.0.0.6, patches two vulnerabilities
Mozilla’s popular alternative browser received yet another security update today with the release of 2.0.0.6. The new update addresses two security holes, one of them rated as critical and the other as moderate. The critical “unescaped URIs passed to external programs” flaw allowed single URIs handed off to external programs to be interpreted as multiple arguments:
When running Firefox on Windows XP with IE7 installed, URIs for certain common protocols (such as mailto:) that contain a %00 won't necessarily launch the protocol handler registered for that scheme but will instead launch a file-handling program based on the file extension at the end of the URI. This appears to allow execution of any program installed at a known location and might be enough to exploit a system.
The second issue deals with a privilege escalation vulnerability that could enable add-ons to create "about:blank" windows and populate them in certain ways. Firefox users can download 2.0.0.6 from our download section or use the auto update function within the browser.
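A defensive check for the hand-off described above, as an added example that is not from the original article or from Mozilla's code: it rejects URIs carrying %00 or other encoded control bytes and flags unescaped characters that could split one URI into multiple arguments. The function names and the one-entry scheme allow-list are assumptions made for illustration.

```javascript
// Added example, not Mozilla's code: checks a URI before it is passed to an
// external protocol handler. All names and the allow-list are hypothetical.
const ALLOWED_SCHEMES = new Set(["mailto"]); // constructed allow-list
// Space, double quote and ASCII control bytes break argument boundaries.
const ARG_BREAKERS = /[ "\x00-\x1f\x7f]/;

function checkExternalUri(uri) {
  const reasons = [];
  const m = /^([a-z][a-z0-9+.-]*):/i.exec(uri);
  if (!m) {
    reasons.push("no scheme");
  } else if (!ALLOWED_SCHEMES.has(m[1].toLowerCase())) {
    reasons.push("scheme not allowed for external handoff");
  }
  // %00 and other encoded control bytes: a receiver that decodes them may
  // stop at the NUL and interpret the rest of the URI differently.
  if (/%(?:[01][0-9a-f]|7f)/i.test(uri)) {
    reasons.push("percent-encoded control character");
  }
  // A '%' not followed by two hex digits is not a valid escape.
  if (/%(?![0-9a-f]{2})/i.test(uri)) {
    reasons.push("malformed percent escape");
  }
  // Raw space, quote or control byte: one URI could become several arguments.
  if (ARG_BREAKERS.test(uri)) {
    reasons.push("unescaped space, quote or control character");
  }
  return { ok: reasons.length === 0, reasons };
}

// Percent-encode the argument-breaking characters, for callers that prefer
// to repair the URI rather than reject it.
function escapeForHandoff(uri) {
  return uri.replace(new RegExp(ARG_BREAKERS.source, "g"), (c) =>
    "%" + c.charCodeAt(0).toString(16).toUpperCase().padStart(2, "0"));
}

// Constructed sample inputs.
const SAMPLES = [
  "mailto:user@example.com?subject=hello%20world",
  "mailto:user%00@example.com",
  'mailto:user@example.com" second-argument',
  "mailto:user@example.com?subject=100%",
];
for (const s of SAMPLES) {
  const r = checkExternalUri(s);
  console.log(r.ok ? "pass  " : "reject", JSON.stringify(s), r.reasons.join("; "));
}
```

Escaping repairs only the argument-splitting case; a URI containing an encoded control byte such as %00 is still rejected after `escapeForHandoff`.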



