Microsoft Internet Explorer and Mozilla Firefox URI Handler Command Injection Vulnerability

Solution:
Mozilla has addressed this vulnerability in Firefox and Thunderbird. The vendor has released Firefox 2.0.0.5 and Thunderbird 2.0.0.5 to fix this issue. Please see the references for more information.

NOTE: Microsoft has released a report on this issue, stating that it is not the responsibility of the calling application to encode or otherwise escape characters passed to protocol handlers. Please see the referenced MSDN article for more information.

NOTE: This issue was not correctly fixed Thunderbird 1.5.0.13 installed through automatic updates. The vendor released Thunderbird 1.5.0.14 to resolve this issue. Please see the referenced Mozilla advisories for more information.


Slackware Linux 12.0

Mozilla Firefox 2.0 RC2

Mozilla Firefox 2.0 beta 1

Mozilla Camino 1.0

Mozilla Camino 1.5

Mozilla Firefox 2.0.0.2

Mozilla Firefox 2.0

Mozilla Camino 0.7 .0

Mozilla Camino 0.8

Mozilla Camino 0.8.3

Mozilla Camino 1.0.1

Mozilla Camino 1.0.2

Mozilla Camino 1.0.3

Mozilla Thunderbird 2.0 .4

Mozilla Firefox 2.0 .1

Mozilla Firefox 2.0 .3


 

Privacy Statement
Copyright 2010, SecurityFocus