We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
78,678 News Articles

Patch warning for Firefox users

Mozilla releases second Firefox patch this month

Mozilla has patched a pair of nasty flaws in its Firefox browser, two weeks after security researchers first started posting code that showed how the flaws could be exploited in attacks.

The 2.0.0.6 version of Firefox fixes a pair of related flaws in the URL protocol handler component of Firefox, which is used to launch programs when a user clicks on certain specially crafted web links.

Mozilla rates these problems critical, meaning they are a serious security risk. But they have also proven to be an embarrassment for the open-source project.

Earlier in the month security researcher Thor Larholm showed how to exploit this type of problem in order to make Internet Explorer and Firefox jointly launch software on a user's machine without authorisation. To make the attack work, IE would load malformed data from a website, and would then send it to Firefox, which would launch the unauthorised software

Microsoft and Mozilla disagreed about who was to blame, however, with Mozilla initially saying that the attack wouldn't work on Firefox alone.

But last week, Mozilla's security chief Window Snyder admitted that her team was wrong. "We thought this was just a problem with IE. It turns out, it is a problem with Firefox as well," she said in a blog posting. "We should have caught this scenario."

The URL protocol handler flaw will also be patched in Thunderbird 2.0.0.6, Thunderbird 1.5.0.13 and SeaMonkey 1.1.4, Mozilla said.

The 2.0.0.6 Firefox release also fixes a third security flaw, that Mozilla considers to be less-critical than the URL protocol handler bugs.

See:

Firefox and IE continue fight over zero-day flaws

IE versus Firefox in security blame game


IDG UK Sites

Top 5 Android tips and tricks for smartphones and tablets

IDG UK Sites

How to join Apple's OS X Beta Seed Program: Get OS X Yosemite on your Mac before public release

IDG UK Sites

Why the BBC iPlayer outage was caused by a DDoS attack: Topsy and Tim isn't *that* popular

IDG UK Sites

BBC using Glasgow 2014 Commonwealth Games to trial 4K/UHD, pan-around video, augmented video and...