Resolving unescaped URIs... the second time around

Jul 31, 2007 09:50 GMT

On July 30 Mozilla released a security update for Firefox 2.0, and version 2.0.0.6 of the open source browser is now available for download. With this release, Mozilla addresses a security vulnerability in Firefox that was initially attributed to the interaction between the open source browser and Internet Explorer on the Windows platform. Mozilla security chief Window Snyder stated at the beginning of July that IE was at fault in the URL Protocol Handling on Windows flaw. "It is important to note that if you are using Firefox to browse the web you *are not* vulnerable to this attack. While we have seen no evidence of attackers exploiting this issue, there is proof of concept code available publicly. So we recommend that people use Firefox and as always take care when browsing unknown websites," Snyder wrote on July 10.

Mozilla subsequently patched Firefox in version 2.0.0.5, ensuring that IE could no longer invoke Firefox or pass it malicious content. Following the release of Firefox 2.0.0.5, Snyder confirmed that the Mozilla browser was itself also susceptible to attacks exploiting the vulnerability. "We learned about a new scenario that identifies ways that Firefox could also be used as the entry point. While browsing with Firefox, a specially crafted URL could potentially be used to send bad data to another application. We thought this was just a problem with IE. It turns out, it is a problem with Firefox as well," Snyder explained on July 23.

The course of events finally led to the release of Firefox 2.0.0.6, which resolves the "Unescaped URIs passed to external programs" vulnerability. Over the next couple of days, Firefox 2.0 users will be prompted to install the update. "We've just released Firefox 2.0.0.6 which contains a security patch to mitigate the issue described here. The patch enables percent-encoding for spaces and double-quotes in URIs handed off to external programs. This reduces the risk of malicious data being passed through Firefox to another application that may then trigger unexpected and potentially dangerous behavior," Snyder added.
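To make the mitigation Snyder describes concrete, the following is an added example written for this article; it is not Mozilla's patch or any Firefox code. It implements the one step the quote names, percent-encoding spaces and double quotes in a URI before it is handed to an external protocol handler, plus a pre-handoff check that refuses any URI still carrying those raw characters. The function names, the `UNSAFE_FOR_HANDOFF` set and the sample URIs are all assumptions constructed for the example; the set is limited to the two characters the article mentions, so other characters pass through untouched and already-encoded sequences such as `%20` are not double-encoded.

```python
# Added example (not Firefox code): percent-encode the characters the
# 2.0.0.6 fix targets before a URI is passed to an external program.

# The article names exactly two characters: space and double quote.
# Restricting the set to these is an assumption made for the example.
UNSAFE_FOR_HANDOFF = frozenset({" ", '"'})


def escape_uri_for_handoff(uri: str) -> str:
    """Return uri with every raw space and double quote percent-encoded.

    Only the characters in UNSAFE_FOR_HANDOFF are touched; '%' itself is
    left alone, so a URI that already contains '%20' is not encoded twice.
    """
    out = []
    for ch in uri:
        if ch in UNSAFE_FOR_HANDOFF:
            out.append("%{:02X}".format(ord(ch)))  # ' ' -> %20, '"' -> %22
        else:
            out.append(ch)
    return "".join(out)


def has_raw_unsafe_chars(uri: str) -> bool:
    """Pre-handoff check: True if any raw space or double quote remains."""
    return any(ch in UNSAFE_FOR_HANDOFF for ch in uri)


def prepare_for_handoff(uri: str) -> str:
    """Escape a URI and verify the result before it leaves the browser.

    Raises ValueError if escaping somehow left an unsafe character behind,
    so a regression in the encoder cannot silently reopen the hole.
    """
    escaped = escape_uri_for_handoff(uri)
    if has_raw_unsafe_chars(escaped):
        raise ValueError("URI still contains raw space or double quote")
    return escaped


# Constructed sample URIs (not taken from any real proof of concept).
SAMPLE_URIS = [
    "mailto:someone@example.com?subject=status update",
    'news:"quoted group"',
    "mailto:someone@example.com?subject=already%20encoded",
]


def demo() -> list:
    """Return (original, escaped, changed) for each constructed sample."""
    results = []
    for uri in SAMPLE_URIS:
        escaped = prepare_for_handoff(uri)
        results.append((uri, escaped, escaped != uri))
    return results


if __name__ == "__main__":
    for original, escaped, changed in demo():
        print(f"{'changed ' if changed else 'as-is   '} {original!r} -> {escaped!r}")
```

The check in `prepare_for_handoff` is the part worth keeping in a real handoff path: the encoder is short, but the property that matters to the receiving application (no raw space or quote crosses the process boundary) is cheap to assert every time, and asserting it turns a future encoder bug into a visible failure instead of a silent regression.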

Mozilla Firefox 2.0.0.6 was tested by Softpedia as being 100% Free and is available for download here.