Users of Mozilla products on Windows NT/2000/XP have a patch to apply. Apparently, Microsoft unwisely put a "shell:" URL type into Windows, which can be used to execute arbitrary commands. Mozilla didn't guard against use of such URLs in Web pages--they didn't realize such a thing existed.
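
The gap described above, a URL type nobody knew to guard against, is the standard argument for allowlisting the schemes an application hands to the operating system. The sketch below is an added example, not Mozilla's code or its patch; the function names, the scheme lists, and the sample URLs are all hypothetical or constructed, and it assumes only absolute URLs reach the dispatcher.

```javascript
// Hypothetical policy tables (constructed for this example).
const INTERNAL_SCHEMES = new Set(["http:", "https:", "ftp:"]); // handled in-app
const EXTERNAL_ALLOWLIST = new Set(["mailto:", "news:"]);      // approved for OS handoff
const DENYLIST = new Set(["vbscript:", "hcp:"]);               // "known bad" at time of writing

// Extract the scheme the way a lenient parser would see it: leading
// whitespace/control characters are skipped and case is ignored.
function schemeOf(rawUrl) {
  const m = /^[\s\u0000-\u001f]*([a-zA-Z][a-zA-Z0-9+.-]*:)/.exec(rawUrl);
  return m ? m[1].toLowerCase() : null;
}

// Denylist policy: anything not known to be dangerous goes to the OS.
function dispatchDenylist(rawUrl) {
  const scheme = schemeOf(rawUrl);
  if (scheme === null) return "reject";
  if (INTERNAL_SCHEMES.has(scheme)) return "internal";
  return DENYLIST.has(scheme) ? "reject" : "external";
}

// Allowlist policy: only explicitly approved schemes go to the OS,
// so a scheme the developers never heard of is rejected by default.
function dispatchAllowlist(rawUrl) {
  const scheme = schemeOf(rawUrl);
  if (scheme === null) return "reject";
  if (INTERNAL_SCHEMES.has(scheme)) return "internal";
  return EXTERNAL_ALLOWLIST.has(scheme) ? "external" : "reject";
}

// Constructed sample inputs; "shell:placeholder" stands in for any
// URL using the scheme the page describes.
const samples = [
  "https://example.com/",
  "mailto:user@example.com",
  "shell:placeholder",
  "  SHELL:placeholder",
];
for (const url of samples) {
  console.log(JSON.stringify(url), dispatchDenylist(url), dispatchAllowlist(url));
}
```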

Details are available from Mozilla, NewsForge, Full Disclosure, and Bugzilla.

The patch (released a day after the vulnerability was noticed) is 1kb, available from the above link or from Mozilla Update. You can also install new point releases of Mozilla Suite, Firefox, and Thunderbird. Make sure you restart your browser after installing the patch.