Security hole in Mozilla/Firefox found

As far as I know, all Windows versions prior to 0.9.2 are affected, but they don't specifically say. Non-Windows systems are unaffected; this is more a problem with Windows's security model (or lack thereof) than a Firefox bug. You can grab this to fix the problem (when using Firefox; other URL-interpreting programs probably have the same hole) instead of reinstalling; both ways simply make Firefox reject shell: URLs.
 
other URL-interpreting programs probably have the same hole

Sure enough, it's been sighted in Word and MSN Messenger. Microsoft's response was predictable, and can be summed up by their most famous declaration to the same effect: "That vulnerability is completely theoretical."
 
Yet another new version (0.9.3/1.7.2/0.7.3), this time due to security problems in PNG handling.
 