Thursday, July 8, 2004
Mozilla Windows Exploit -- 9:05 pm CST, Update by A.T. Hun
Both eWeek and Newsforge have reports of a bug in Mozilla and its Firefox and Thunderbird derivatives that would allow specific urls to run arbitrary code in Windows XP or 2000. This doesn't affect the Mac, Linux, or Solaris ports. There are patches and full new versions available for download on Mozilla.org. The irony is that the problem is not Mozilla's per se, but how Windows deals with the shell: command. Mozilla just passes it to the OS to handle which could be, well, destructive. All the patch does is disable the shell: command. The real bug behind this was supposed to be fixed in XP's SP1, but wasn't. Nevertheless, if you use any of Mozilla's products in WinXP/2K, get patching. Thanks Slashdot.
The Master comments: I patched my Firefox installation, and I think this new version made some dramatic speed improvements, too. I've been very impressed by the work on Firefox so far. I hope this continues.
Recent Headlines
January 5, 2015: It Returns!
August 10, 2007: SCO SUCKS IT DOWN!
July 5, 2007: Slackware 12.0 Released
May 20, 2007: PhpBB 3.0 RC 1 Released
February 2, 2007: DOOM3 1.31 Patch
January 27, 2007: Join the World Community Grid
January 17, 2007: Flash Player 9 for Linux
December 30, 2006: Darkness over Daggerford 1.2
December 19, 2006: Pocket Tunes 4.0 Released
December 9, 2006: WRT54G 1.01.1 Firmware OK with Linux/Mac
The Haus is powered by:
All original information on this website is copyright © TheHaus.Net, 1999-2005. The use of original images, text, and/or code from this website without expressed written consent is prohibited. The authors of this site cannot be held responsible for any damage, real or imagined, which comes from the use of information presented on this site. All trademarks used are the properties of their respective owners. This site is not to be used as a floatation device (but if you try, I want a video tape of it).
![[Valid RSS]](/images/valid-rss.png "Validate my RSS feed")