NEWS CATEGORIES:

NEWS ARCHIVE >>
SOFTPEDIA REVIEWS >>
MEET THE EDITORS >>

Home / News / Webmaster / Internet Life

Internet Life

Firefox 2.0 Updated and Available for Download

Resolving unescaped URIs... the second time around

By Marius Oiaga, Technology News Editor

31st of July 2007, 09:50 GMT

Adjust text size:

On July 30 Mozilla introduced a security update to Firefox 2.0, and version 2.0.0.6 of the open source browser is now available for download. With this release, Mozilla is addressing a security vulnerability in Firefox initially associated with a combination between the open source browser and Internet Explorer on the Windows Platform. Mozilla security chief Window Snyder stated at the beginning of July that IE was at fault in the URL Protocol Handling on Windows flaw. "It is important to note that if you are using Firefox to browse the web you *are not* vulnerable to this attack. While we have seen no evidence of attackers exploiting this issue, there is proof of concept

code available publicly. So we recommend that people use Firefox and as always take care when browsing unknown websites," Snyder revealed on July 10.

Mozilla subsequently patched Firefox in version 2.0.0.5, taking steps to ensure the fact that IE will no longer be able to invoke Firefox or to pass malicious content. Following the availability of Firefox 2.0.0.5, Snyder confirmed the fact that the Mozilla browser was also susceptible to attacks exploiting the vulnerability. "We learned about a new scenario that identifies ways that Firefox could also be used as the entry point. While browsing with Firefox, a specially crafted URL could potentially be used to send bad data to another application. We thought this was just a problem with IE. It turns out, it is a problem with Firefox as well," Snyder explained on July 23.

The course of events finally led up to the launch of Firefox 2.0.0.6. resolving the "Unescaped URIs passed to external programs" vulnerability. In the next couple of days, Firefox 2.0 users will be prompted to deploy the update. "We've just released Firefox 2.0.0.6 which contains a security patch to mitigate the issue described here. The patch enables percent-encoding for spaces and double-quotes in URIs handed off to external programs. This reduces the risk of malicious data being passed through Firefox to another application that may then trigger unexpected and potentially dangerous behavior," Snyder added.

Mozilla Firefox 2.0.0.6 was tested by Softpedia as being 100% Free and is available for download here.

TAGS:	Firefox 2.0 \| Mozilla	SHARE THIS
Read by 1,233 user(s) \| Add comment \| Link to this article		TWEET THIS

Article rating:

Good (3.2/5)

7 vote(s)

Subscribe to news |

Print article |

Send to friend

SEARCH THE NEWS ARCHIVE :

Today's News | Yesterday's News | News Archive

User opinions:

No user comments yet.

Be the first to express your opinion using the form below!

Share your opinion:

SUBMIT PROGRAM \| ADVERTISE \| GET HELP \| SEND US FEEDBACK \| RSS FEEDS \| ENTER NEWS SITE \| ENGLISH BOARD \| ROMANIAN FORUM
© 2001 - 2009 Softpedia. All rights reserved. Softpedia® and the Softpedia® logo are registered trademarks of SoftNews NET SRL.	Copyright Information \| Privacy Policy \| Terms of Use \| Update your software \| Archive