Firefox 2.0.0.5

calendar Posted on July 19, 2007   comments One Comment

I definitely can get used to Firefox letting me know when it’s time to update. I just received the update for 2.0.0.5 (release notes) this morning.

Looks like this is primarily a security release. One of the security issues is wild! From the advisory:

Internet Explorer calls registered URL protocols without escaping quotes and may be used to pass unexpected and potentially dangerous data to the application that registers that URL Protocol.

The vulnerability is exposed when a user browses to a malicious web page in Internet Explorer and clicks on a specially crafted link. That link causes Internet Explorer to invoke another Windows program via the command line and then pass that program the URL from the malicious webpage without escaping the quotes. Firefox and Thunderbird are among those which can be launched, and both support a “-chrome” option that could be used to run malware.

The folks at CyberNet noted a big pile of stability fixes that don’t seem to be mentioned in the release notes (weird?) as well but are sure to be welcomed.

tags Tags: , ,

Related Posts Possibly Related Posts

Comments

One Response to “Firefox 2.0.0.5”

  1. Bleach on July 23rd, 2007 2:53 am

    Thanks for the heads up, I missed the update. Gonna try it out now! :D

Leave a Reply




Have you read the Comments section on the Disclaimer page?

About

Wandering the Internet, looking at all things bright and shiny. Playing with many, writing about some. More …

Recent Posts

Recent Comments: