Firefox Browser 2.0.0.6 Security Update Released on 7/31/07
News Flash!
Mozilla has just released a security update to it's flagship Firefox browser; Firefox 2.0.0.6
The news here is that this sudden release patches a critical vulnerability known as "Firefox URI-Handling Bugs," which could leave a Firefox equipped computer open to hijacking.
Mozilla Security Chief Window Snyder announced on July 23 that Mozilla had found a new scenario over the preceding weekend in which Firefox could be used as an attack entry point in various ways, via URI exploits. Specifically, while browsing with Firefox, Snyder said, a malicious URL could be used to pass along bad data to another application.
The problems arise from an input-validation error that can allow remote attackers to execute arbitrary commands on a victim system, through processes such as "cmd.exe," by employing various URI handlers.
In a Deepsight alert to its customers July 31, Symantec, of Cupertino, Calif., outlined this possible attack scenario: First, an attacker constructs malicious links to pass arguments or parameters for an external application that will run when the URI is loaded. The attacker then plants the malicious link on a Web site or sends it through HTML e-mail or by other means.
If successful, the attacker then executes an arbitrary application. First, an attacker would launch the command line, then could pass arbitrary arguments to the command shell that would then launch other applications.
An additional bug has been patched in version 2.0.0.6. Mozilla researcher moz_bug_r_a4 reported that a flaw was introduced by the fix for MFSA 2007-20 that could enable privilege escalation attacks against addons that create "about:blank" windows and populate them in certain ways (including implicit "about:blank" document creation through data: or javascript: URLs in a new window).
One add-on known to be affected is the Web Developer Toolbar, which is used by webmasters to analyze web pages, which was safe in its default configuration but potentially vulnerable to malicious web content if informational windows were opened as separate windows instead of tabs.
Synopsis:
Fixed in Firefox 2.0.0.6
MFSA 2007-27: Unescaped URIs passed to external programs
MFSA 2007-26: Privilege escalation through chrome-loaded about:blank windows
Firefox Version 2.0.0.6, is available here for Windows, Mac and Linux. Users on Firefox 2.0.0.x will be getting an automated update notification within 24 to 48 hours, or the update can be manually downloaded by selecting "check for updates" in Firefox's Help menu. Do so immediately for your own protection!