Mozilla released on Tuesday an update to Firefox 2 that patches the Mozilla side of a flaw shared with Microsoft Internet Explorer.
The update, Firefox 184.108.40.206, also patches a privilege escalation vulnerability.
Current users of Firefox 2 will receive an update notice. Others can download it from the Mozilla site.
Researcher Jesper Johansson noted that Firefox did not percent-encode spaces and double-quotes in URIs (uniform resource identifiers) handed off to external programs. That means the receiving program could interpret a single URI as multiple arguments. For example, when running Firefox on Windows XP with IE7 installed, URIs … Read more