Brent Dax (brentdax) wrote,

Users of Mozilla products on Windows NT/2000/XP have a patch to apply. Apparently, Microsoft unwisely put a "shell:" URL type into Windows, which can be used to execute arbitrary commands. Mozilla didn't guard against use of such URLs in Web pages--they didn't realize such a thing existed.

Details are available from Mozilla, NewsForge, Full Disclosure, and Bugzilla.

The patch (released a day after the vulnerability was noticed) is 1kb, available from the above link or from Mozilla Update. You can also install new point releases of Mozilla Suite, Firefox, and Thunderbird. Make sure you restart your browser after installing the patch.