[Gathnet] Windows Explorer security bug affects Firefox
Stuart D. Gathman
stuart at bmsi.com
Fri Jul 9 09:14:49 EDT 2004
On Fri, 9 Jul 2004, Stuart D. Gathman wrote:
> This was supposed to have been fixed in XP service pack 1, but wasn't.
> Please upgrade Firefox to work around this, or else clicking on links
> beginning with "shell:" will execute arbitrary programs.
This has also (really) been fixed in XP service pack 2. You can manually
fix it if you are comfortable with Windows configuration by removing
"shell" as an allowed protocol for internet context. The Firefox
upgrade "works around" this problem by checking for a list of
dangerous protocols when the OS is Windows and not passing them to
the OS. Although XP SP1 claimed to fix the problem with "shell", it
actually didn't, so "shell" has been added to the "protocols dangerous
for braindead OS" list for Firefox 0.9.2 (along with "vbscript" and other
nasties that are already there).
--
Stuart D. Gathman <stuart at bmsi.com>
Business Management Systems Inc. Phone: 703 591-0911 Fax: 703 591-6154
"Confutatis maledictis, flamis acribus addictis" - background song for
a Microsoft sponsored "Where do you want to go from here?" commercial.
More information about the Gathnet
mailing list