Firefox 0.9.2, Thunderbird 0.7.2, Mozilla 1.7.1 Coming Soon

As though to prove my statement in my entry to ***Dave that Mozilla/Firefox aren’t without their own holes, the folks at Mozilla.org are announcing a soon-to-be-released update for their three big products to plug a vulnerability that’s been discovered:

Branches have been created for three of mozilla.org’s latest releases, in order to fix an external Windows protocol handler bug. The fix involves disabling the shell: protocol handler, which was found to enable pages to run executables on Windows via a link. Builds should officially be available shortly, and there will also be an XPI offered to disable the pref. Alternatively, you can set the pref “network.protocol-handler.external.shell” in about:config to ‘false’ to also remove the exploit.

More information about the exploit can be found in this post on the Full Disclosure mailing list.

UPDATE! The XPI to disable the pref is now available.

New builds, a downloadable patch, and a by-hand work-around. What more could you ask for?
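One way to confirm the by-hand work-around is actually in place on a profile, as an added example (not from the original post or from mozilla.org): it parses the text of a profile's prefs.js and user.js and reports the state of the pref named in the announcement. The function names and sample file contents are constructed for illustration, and reporting a missing pref as "unset" (work-around not applied) is an assumption.

```python
import re

# Pref name as given in the mozilla.org announcement quoted above.
PREF = "network.protocol-handler.external.shell"
# Matches active lines such as: user_pref("some.pref", false);
# Anchored at line start so commented-out entries (// user_pref(...)) are ignored.
PREF_LINE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;')

def parse_prefs(text):
    """Return {pref_name: raw_value} for every user_pref() line; later lines win."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_LINE.match(line)
        if m:
            prefs[m.group(1)] = m.group(2)
    return prefs

def shell_handler_status(prefs_js, user_js=""):
    """Classify a profile as 'disabled', 'enabled' or 'unset' for the shell: handler."""
    merged = parse_prefs(prefs_js)
    merged.update(parse_prefs(user_js))  # user.js is applied on top of prefs.js
    value = merged.get(PREF)
    if value is None:
        return "unset"  # assumption: no explicit value means the work-around was not applied
    return "disabled" if value == "false" else "enabled"

# Constructed sample file contents (not taken from a real profile).
SAMPLE_UNPATCHED = (
    '# Mozilla User Preferences\n'
    'user_pref("browser.startup.homepage", "about:blank");\n'
)
SAMPLE_WORKAROUND = SAMPLE_UNPATCHED + (
    'user_pref("network.protocol-handler.external.shell", false);\n'
)
SAMPLE_USER_JS_OVERRIDE = (
    'user_pref("network.protocol-handler.external.shell", true);\n'
)
SAMPLE_COMMENTED_OUT = (
    '// user_pref("network.protocol-handler.external.shell", false);\n'
)

if __name__ == "__main__":
    print("unpatched profile:  ", shell_handler_status(SAMPLE_UNPATCHED))
    print("work-around applied:", shell_handler_status(SAMPLE_WORKAROUND))
    print("user.js re-enables: ", shell_handler_status(SAMPLE_WORKAROUND, SAMPLE_USER_JS_OVERRIDE))
    print("commented-out line: ", shell_handler_status(SAMPLE_COMMENTED_OUT))
```

The third case is the one worth checking for in practice: a user.js left in the profile can set the pref back to true even after prefs.js shows false.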

1 thought on “Firefox 0.9.2, Thunderbird 0.7.2, Mozilla 1.7.1 Coming Soon”

  1. Not sure this is related, but ever since I downloaded 0.9.1 (and installed it) Firefox has been alerting me of the 0.9.*1* update’s availability. Some flag isn’t getting updated on my system, I’m guessing.

    (Also, maybe re-order the tabbing index of the above form fields, so that smileys and the tag-buttons (e.g., underline, etc.) are skipped. I tend to use tabs to nav through forms, and I imagine a lot of us do as well?)

    .rob adams
