Patches useless

Sep 5, 2007 13:55 GMT

Firefox still can't properly handle protocols. It's bugged! They've released two patches since these flaws were first discovered, but it is still vulnerable. This is sort of like Windows XP: they released it, and then came Service Pack I and then II and a lot of hotfixes and updates and so on and so forth. And now, no matter what version of Windows XP you have, once in a while that little box pops up in the corner saying some update is available - and I go "What the hell?!" then I see it fixes some flaw. I guess that some programs will always be bugged!

I've got used to Windows, but I hope that Firefox will be something different and once they patch it up it will be for good! The thing is that Firefox is still vulnerable to attacks exploiting protocol handling bugs, and yes, this should have been fixed in the patches from July... The problem, of course, is still regarding URIs.

I've checked out Billy Rios' blog (this guy is a security expert) and this is how he regarded this issue: "Once again, these URI payloads can be passed by the mailto, nntp, news, and snews URIs, allowing us to pass the payload without any user interaction. So, it seems that although the conditions which allowed for remote command execution in Firefox 2.0.0.5 have been addressed with a security patch, the underlying file type handling issues which are truly the heart of the issue have NOT been addressed."

If you want to pay Rios' blog a visit, be my guest and click on this link. If this guy doesn't know what he's talking about, then I don't know who does!

I hope that after this, the Mozilla people will treat such problems more carefully and properly attend to bugs! I don't want to see them pull an "XP" on us all!