Mozilla closes security loophole

The Mozilla Foundation has urged users of its open-source Mozilla Application Suite, Firefox browser and Thunderbird e-mail...

The Mozilla Foundation has urged users of its open-source Mozilla Application Suite, Firefox browser and Thunderbird e-mail client to download a small patch to close off a security vulnerability.

The patch downloads a configuration change which disables the use of the :shell external protocol handler for running external programs by clicking on a hyperlink.

Mozilla said that the security handling of this command might allow attackers to run arbitrary programs on Windows systems, although there were no problems for Mozilla users running other operating systems such as MacOS, Linux and other Unix variants.

The vulnerability affects Mozilla version 1.7.0 and earlier, Firefox 0.9.1 and earlier, and Thunderbird 0.7.1 and earlier.

Full new versions of the free products are also available from the site.

David Legard writes for IDG News Service

CW+

Features

Enjoy the benefits of CW+ membership, learn more and join.

Read more on IT risk management

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.

-ADS BY GOOGLE

SearchCIO

SearchSecurity

SearchNetworking

SearchDataCenter

SearchDataManagement

Close