Microsoft Internet Explorer and Mozilla Firefox URI Handler Command Injection Vulnerability

Mozilla has addressed this vulnerability in Firefox and Thunderbird. The vendor has released Firefox and Thunderbird to fix this issue. Please see the references for more information.

NOTE: Microsoft has released a report on this issue, stating that it is not the responsibility of the calling application to encode or otherwise escape characters passed to protocol handlers. Please see the referenced MSDN article for more information.

NOTE: This issue was not correctly fixed Thunderbird installed through automatic updates. The vendor released Thunderbird to resolve this issue. Please see the referenced Mozilla advisories for more information.

Slackware Linux 12.0

Mozilla Firefox 2.0 RC2

Mozilla Firefox 2.0 beta 1

Mozilla Camino 1.0

Mozilla Camino 1.5

Mozilla Firefox

Mozilla Firefox 2.0

Mozilla Camino 0.7 .0

Mozilla Camino 0.8

Mozilla Camino 0.8.3

Mozilla Camino 1.0.1

Mozilla Camino 1.0.2

Mozilla Camino 1.0.3

Mozilla Thunderbird 2.0 .4

Mozilla Firefox 2.0 .1

Mozilla Firefox 2.0 .3


Privacy Statement
Copyright 2010, SecurityFocus