Software Update: Mozilla 1.7.1

The Mozilla ‘suite’ consists of a browser, an email and newsgroup client, and the IRC client ChatZilla. The Mozilla.org security team has released an update to this program. A security vulnerability has been found on Windows systems with the shell protocol handler, which can be exploited by a web page to allow programs to run on a computer. When a non-existent file is requested in this way, Mozilla keeps opening new windows until the computer crashes. The exploits can be done with the links on this page being tested. The next announcement was created on Mozilla.org:

On July 7 (yesterday) a security vulnerability affecting browsers for the Windows operating system was posted to Full Disclosure, a public security mailing list. On the same day, the Mozilla security team confirmed the report of this security issue affecting the Mozilla Application Suite, Firefox, and Thunderbird and discussed and developed the fix at Bugzilla bug 250180† We have confirmed that the bug affects only users of Microsoft’s Windows operating system. The issue does not affect Linux or Macintosh users.[break]Users can solve this problem in two ways: upgrade to Mozilla 1.7.1or this patch to install. If you are using the patch, it is wise to check whether it has been installed correctly. This can be done by typing ‘about:config’ in the address bar, and then filtering for the word ‘shell’. If the option ‘network.protocol-handler.external.shell’ has a value of ‘false’, the patch has been installed correctly.