Exploit discovered, patched in Mozilla/Firefox
primesuspect
Beepin n' BoopinDetroit, MI Icrontian
Seems as if an exploit in the shell: protocol handler has been discovered and patched almost as fast. Users of Mozilla are going to want to download the 1.7.1 version and users of Firefox should download 0.9.2. The explot allows a malicious meta tag to run arbitrary code on your system. It can easily be seen that this could be used to do stealth installs of spyware, just like IE.
EDIT: // You can now download an official patch for 0.9.1 from the Mozilla extension site: here
EDIT: // You can now download an official patch for 0.9.1 from the Mozilla extension site: here
0
Comments
i will go and download 1.7.1 for linux? should i? or is this only in the windows version?
heh...
i kinda figured that cause linux doesnt work anything at all like windows... but you never know...
heh...
Hmm that was quick.
Speaking of security holes, is there any way to get to Windows Update through firefox or do I hafta use IE?
-Rick
Hafta use IE, Windows Update uses an ActiveX control, which Firefox doesnt support.
~dodo
Well, if you know what Microsoft patches are being offered, you can grab many of them as archives on Microsoft's TechNet. From Mozilla, FireFox, or Opera.
Also, for those uncomfortable with patching FireFox, Opera (which released the 7.52 archive to fix its shell issues among other things), and Mozilla, or who are thinking about using them, Firefox .92 and Mozilla 1.71 are available with the set prepatched. Mozilla folks are urging those with Mozilla 1.6 or earlier to simply upgrade to 1.71 and those with Firefox earlier than .90 now to get the .92 archive. Those archives were up my late morning time on US East coast, about 10:30 AM at GMT-04:00.