Firefox Fixes IE Flaws

Mozilla has updated its flagship Firefox browser to version 2.0.0.5 with at least nine security issues fixed.

Among them is one for an issue that was trigged when user also had
Microsoft’s Internet Explorer installed as well. Remote code execution by
launching Firefox from Internet Explorer is addressed by Mozilla Security
Advisory 2007-23.

The flaw was first
reported on July 10. It involves the “firefoxurl://” uniform resource identifier (URI) handler, which enables Firefox to call on other Web resources.

Though Mozilla has fixed the flaw in Firefox 2.0.0.5, Mozilla’s advisory
noted that other Windows applications can be called in a similar way and
also manipulated to execute malicious code.

“This fix only prevents Firefox and Thunderbird from accepting bad data,”
Mozilla stated in its advisory. “This patch does not fix the vulnerability
in Internet Explorer.”

Other critical bugs fixed include the following:

  • Mozilla Foundation Security Advisory
    2007-18, which fixes crashes with evidence of memory corruption;
  • Mozilla
    Foundation Security Advisory 2007-23, which describes a Privilege escalation
    using an event handler attached to an element not in the document;
  • Mozilla Foundation Security Advisory 2007-19, which fixes a bug rated as High by
    Mozilla. It’s a potential cross site scripting risk where scripts could be
    injected into another site’s context by exploiting a timing issue.
  • This article was first published on InternetNews.com. To read the full article, click here.

    Previous article
    Next article

    Latest articles

    Top Cybersecurity Companies

    Related articles

    LEAVE A REPLY

    Please enter your comment!
    Please enter your name here