FireFox users, get 0.9.2 ASAP (Security fix)

[aww]

FireFox users, you need to upgrade to 0.9.2 as soon as possible as there is a shell access security hole that needs to be patched:
http://www.eweek.com/print_article/0,1761,a=131090,00.asp

links in a Web page using the "shell:" scheme can execute arbitrary programs on the user's system. The attacker would have to know the location in the file system of the program, but there are known programs in Windows with buffer overflows.

This means the attacker could create a link in a Web page that could execute arbitrary code under Windows. Through the use of an appropriate META tag, the attack could load without the user having to click a link explicitly.

In the definition of a URI (Uniform Resource Identifier), the technical name for a Web address, "shell:" is not a protocol like http but a scheme. Some schemes map directly to protocol handlers in the browser itself or externally, such as those that handle audio and video media.

http://ftp.mozilla.org/pub/mozilla.org/firefox/releases/0.9.2/

 

[Professer]

Thanks, aww. Security fixes are good.

Update instructions and download links also can be found on the Mozilla site here: http://mozilla.org/security/shell.html.

 

[Brian]

ever notice how everything only effects windows, yay for linux

 

[aww]

Linux has its issues as does the Mac. It's just the percentages. Windows is used by at least 70% of the market even in the most conservative estimates. If linux was 70% you can be assured it would be exploited as much as possible by the mean people out there.

 

[JNav]

If your a Thunderbird user get 0.7.2 while your at it

http://ftp.mozilla.org/pub/mozilla.org/thunderbird/releases/0.7.2/ThunderbirdSetup-0.7.2.exe

 

[GTech]

Thanks for the heads up, just updated!