Brent Dax (brentdax) wrote,
Brent Dax


Users of Mozilla products on Windows NT/2000/XP have a patch to apply. Apparently, Microsoft unwisely put a "shell:" URL type into Windows, which can be used to execute arbitrary commands. Mozilla didn't guard against use of such URLs in Web pages--they didn't realize such a thing existed.

Details are available from Mozilla, NewsForge, Full Disclosure, and Bugzilla.

The patch (released a day after the vulneurability was noticed) is 1kb, available from the above link or from Mozilla Update. You can also install new point releases of Mozilla Suite, Firefox, and Thunderbird. Make sure you restart your browser after installing the patch.

  • Paging madlori (and anyone who knows her)

    An interesting thing just happened on Facebook chat. Lori Summers [2:29:44] Got my message ? Brent Royal-Gordon [2:33:45] I did. Lori Summers…

  • guest post

    kate is the best better than the rest the best the best haikus about kate: kate's my favourite i want to lick her ballsack it would taste so…

  • Practice

    This December, I will have been practicing programming seriously for ten years. That will mark the tenth anniversary of me starting to learn Perl. I…

  • Post a new comment


    default userpic

    Your IP address will be recorded 

    When you submit the form an invisible reCAPTCHA check will be performed.
    You must follow the Privacy Policy and Google Terms of use.