Mozilla releases Firefox 2.0.0.6, patches two vulnerabilities
Mozilla’s popular alternative browser received yet another security update today with the release of 2.0.0.6. The new update addresses two security holes, one of them rated as critical and the other as moderate. The critical “unescaped URIs passed to external programs” flaw allowed single URIs handed off to external programs to be interpreted as multiple arguments:
When running Firefox on Windows XP with IE7 installed, URIs for certain common protocols (such as mailto:) that contain a %00 won't necessarily launch the protocol handler registered for that scheme but will instead launch a file-handling program based on the file extension at the end of the URI. This appears to allow execution of any program installed at a known location and might be enough to exploit a system.
The second issue deals with a privilege escalation vulnerability that could enable add-ons to create "about:blank" windows and populate them in certain ways. Firefox users can download 2.0.0.6 from our download section or use the auto update function within the browser.
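A defensive check for the first flaw, as an added example that is not Mozilla's patch or code from the advisory: before an application hands a URI to an external protocol handler, it can refuse anything that carries an encoded control byte such as %00 or a raw space or quote that a command line could split into extra arguments. The function names and the scheme allowlist are assumptions made for illustration.

```javascript
// Hypothetical allowlist: schemes this application agrees to hand to external programs.
const ALLOWED_SCHEMES = new Set(["mailto", "news", "telnet"]);

// Percent-decode a bounded number of times so double-encoded bytes
// (for example %2500, which becomes %00 after one round) are also seen.
function decodedForms(uri, maxRounds = 3) {
  const forms = [uri];
  let cur = uri;
  for (let i = 0; i < maxRounds; i++) {
    const next = cur.replace(/%([0-9A-Fa-f]{2})/g,
      (_, hex) => String.fromCharCode(parseInt(hex, 16)));
    if (next === cur) break;
    forms.push(next);
    cur = next;
  }
  return forms;
}

// Returns { ok: true, scheme } when the URI may be handed off,
// or { ok: false, reason } when it must be dropped.
function checkExternalUri(uri) {
  const m = /^([A-Za-z][A-Za-z0-9+.-]*):/.exec(uri);
  if (!m) return { ok: false, reason: "no scheme" };

  const scheme = m[1].toLowerCase();
  if (!ALLOWED_SCHEMES.has(scheme)) {
    return { ok: false, reason: "scheme not allowed" };
  }

  // A raw space or double quote lets one URI be read as several arguments.
  if (/[\s"]/.test(uri)) {
    return { ok: false, reason: "unescaped space or quote" };
  }

  // A NUL or other control byte, at any decoding depth, can cut the string
  // short for the receiving program and change which handler is chosen.
  for (const form of decodedForms(uri)) {
    if (/[\x00-\x1f\x7f]/.test(form)) {
      return { ok: false, reason: "control character" };
    }
  }
  return { ok: true, scheme };
}
```

Rejecting the URI outright, rather than trying to repair it, keeps the decision independent of how the receiving program parses its command line.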



