Mozilla has released a critical security update to Firefox, taking a third shot at patching bugs in the way the Web browser can be used to launch programs from Web links.
The bug, rated "moderate" by Mozilla, lies in the URI (Uniform Resource Identifier) protocol handling technology that is used to launch programs (an e-mail client, for example) from within the browser. Over the past few months, security researchers have been discovering an increasing number of ways that this technology can be misused, often as a way to install unauthorized software on a victim's computer.
The URI fix is one of eight security bug fixes that Mozilla has pushed out with the 2.0.0.8 update, released late Thursday.
Mozilla developers originally thought that the issue lay within Microsoft's Internet Explorer software, which could be invoked in a malicious fashion via Firefox. Several days after issuing their first patch, however, they realized that there was a problem with Firefox as well, and rushed out the 2.0.0.6 update.
Now, three months after that fix, they've patched another URI bug in Firefox that will cut down on the likelihood of programs being launched maliciously through the Web browser. The 2.0.0.6 release "did not prevent the incorrect file-handling programs from launching which left some risk," Mozilla said in its advisory. "An additional fix has been applied to Firefox 2.0.0.8 that detects when Windows would mishandle these URIs so that the wrong program does not get launched."
Mozilla developers weren't certain that this latest twist on the URI problem could actually be exploited in Firefox, but they decided to release this latest URI patch rather than wait to find out for sure, said Window Snyder, Mozilla's security chief. "We could just say this particular vector is not an issue because we do not have proof," she wrote in an e-mail. "We could leave it alone. Rather than spend our time analyzing whether this is a vector that could be vulnerable we would rather put the block in place and eliminate the possibility. This is a defense-in-depth measure."
Microsoft has said that it plans to patch underlying components in the Windows operating system, in an effort to prevent URI protocol handler attacks, and that will probably go a long way in preventing new attacks from cropping up, said Andrew Storms, director of security operations with nCircle Network Security. "We have to applaud the Mozilla team for attempting to protect their users, but in the end it's going to be a Microsoft responsibility," he said.
Of the eight vulnerabilities patched Thursday, two are rated critical by Mozilla.
The 2.0.0.8 release also adds support for Apple's Mac OS X 10.5 operating system, code-named Leopard, although Mozilla warns "there are some known issues affecting some media plugins," on this platform.