Firefox 2.0.0.6 delivers more security fixes

by Stephen Withers
Wednesday, 01 August 2007

It is the equivalent of a vulnerability that the Mozilla team had previously attributed to Internet Explorer, in which IE could be induced to pass a specially formed link to Firefox. Firefox 2.0.0.5 added code to safely handle URLs passed to it that contain unescaped quotes and spaces, and now version 2.0.0.6 ensures that spaces and double quotes are percent-encoded before passing them to external programs.

The issue was raised by Jesper Johansson, formerly a senior security strategist with Microsoft, who suggested that blaming Internet Explorer for passing unescaped strings to Firefox while Firefox contained a similar failing was a case of people in glass houses throwing stones.

The second ('moderate') vulnerability addressed by Firefox 2.0.0.6 allowed privilege escalation by manipulating certain add-ons. That problem was introduced in version 2.0.0.5's fix for a low-impact vulnerability.
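The percent-encoding fix described above for URLs handed to external programs can be illustrated with a simplified model. This is an added example, not Firefox code: the handler template, the tokenizer rules and the sample URL are all assumptions constructed for the illustration.

```python
# Added illustration (not Mozilla's code): why spaces and double quotes in a URL
# must be percent-encoded before the URL is substituted into a handler command line.

# Hypothetical handler registration: the URL replaces %1 inside double quotes.
HANDLER_TEMPLATE = '"handler.exe" "%1"'

# Constructed sample URL containing an unescaped double quote and spaces.
SAMPLE_URL = 'example:report" second "third part'


def encode_for_external(url: str) -> str:
    """Percent-encode only spaces and double quotes, as the article describes."""
    return url.replace(" ", "%20").replace('"', "%22")


def split_command_line(cmdline: str) -> list[str]:
    """Simplified tokenizer (assumption): spaces separate arguments,
    double quotes group characters into one argument and are then dropped."""
    args, current, in_quotes, started = [], [], False, False
    for ch in cmdline:
        if ch == '"':
            in_quotes = not in_quotes
            started = True
        elif ch == " " and not in_quotes:
            if started:
                args.append("".join(current))
                current, started = [], False
        else:
            current.append(ch)
            started = True
    if started:
        args.append("".join(current))
    return args


def launch_args(url: str, encode: bool) -> list[str]:
    """Return the argument list the external program would receive."""
    if encode:
        url = encode_for_external(url)
    return split_command_line(HANDLER_TEMPLATE.replace("%1", url))


if __name__ == "__main__":
    print("unencoded:", launch_args(SAMPLE_URL, encode=False))
    print("encoded:  ", launch_args(SAMPLE_URL, encode=True))
```

In this model the unencoded URL reaches the handler as several separate arguments, while the encoded URL stays a single argument. Real command-line parsing has more rules than the tokenizer used here.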




