Firefox 0.9.2, Thunderbird 0.7.2, Mozilla 1.7.1 Coming Soon
Thursday July 8th, 2004
Branches have been created for three of mozilla.org's latest releases, in order to fix an external Windows protocol handler bug. The fix involves disabling the
More information about the exploit can be found in this post on the FullDisclosure mailing list.
Update: The XPI to disable the pref is now available.
Another Update: mozilla.org has published a document on the issue.
Yet Another Update: There is an eWeek article about the exploit as well as a discussion at Slashdot. The now public bug report that covers the
Yet Another Update: If you are not using Windows, you are not at risk from this bug. If you are using Windows, go to www.mccanless.us/mozilla/mozilla_bugs.htm to see if you are vulnerable.
#47 Re: Re: Only fix in 1.7.1
Saturday July 10th, 2004 11:57 AM
I thought all they did was add shell: to a blacklist. How do you explain these bizarre file size differences?
Mozilla 1.7.1 win32 zip 11,366,599 bytes
Mozilla 1.7 win32 zip 11,366,834 bytes
-235 bytes (less!)

Mozilla 1.7.1 win32 installer-exe 12,042,960 bytes
Mozilla 1.7 win32 installer-exe 12,378,832 bytes
-335,872 bytes (less!)

Firefox 0.9.2 win32 zip 6,317,526 bytes
Firefox 0.9.1 win32 zip 6,283,289 bytes
34,237 bytes

Firefox 0.9.2 win32 setup-exe 5,078,944 bytes
Firefox 0.9.1 win32 setup-exe 4,959,023 bytes
119,921 bytes