evance

Mozilla released a patch on Monday to its Firefox browser product that fixes two known issues: earlier releases of Firefox did not percent-encode spaces and double-quotes in uniform resource identifiers, which caused problems when Firefox handed off information to another program. The patch also resolves a bug which could have allowed privilege escalation attacks, by exploiting unsecure code in add-ons that generate "about:blank" windows. An attack could allow the about:blank windows to be populated, including the creation of about:blank windows and the use of JavaScript URLs in new windows.

Firefox 2.0.0.6 is available from the Mozilla Web site. Existing registered Mozilla users will be notified about the availability of the patch. Applying the patch will completely resolve both issues, but Mozilla also offered a workaround for the bugs, to ensure that the browser is secure. Mail related links will always prompt for confirmation before launching an external program via Firefox, if the following remedy is in place:

Enter about:config in the location bar
Enter "warn-external" in the Filter: box
Double-click to set the mailto, news, NNTP, and snews lines to true