Despite being patched twice in July, two security researchers warn that there's another way attackers could exploit Firefox protocol-handling bugs to push malicious code onto targeted machines via the users' browsers.
Researchers Billy Rios and Nate McFeters, who first warned about the multi-browser URI protocol handling flaw back in July, said:
"Although the conditions which allowed for remote command execution in Firefox 18.104.22.168 have been addressed with a security patch, the underlying file type handling issues which are truly the heart of the issue have not been addressed."
Rios and McFeters said they've contacted the Mozilla security team and that they are working on plugging the hole. For now, the researchers will refrain from giving technical details of how an attacker could exploit the new-found URI flaws.