The flaw lay in the way Firefox version 2.0.0.5 handled uniform resource identifiers (URIs), protocols that allow browsers to access software. Firefox failed to properly handle some URIs, a flaw in the Web browser that could have allowed remote malware execution.
Bugzilla@Mozilla posted the bug as "resolved fixed" on Wednesday. A link to the patch is available through the bug post.
Netscape Navigator 9 was also affected by the flaw, said Billy Rios, the security researcher who discovered the flaw.
Rios called for developers to pay more attention to possible URI-handling vulnerabilities in their code, after a spate of browser difficulties involving URIs in Internet Explorer and Firefox.
According to Rios, developers must be aware that applications installing URI handlers on a PC can give an extra attack vector, because an attacker can then embed a link to the application in a Web page.
"Developers who intend to or have already registered URIs for their applications must understand that registering a URI handler exponentially increases the attack surface for that application," said Rios in his blog. "Please review your registered URI-handling mechanisms and audit the functionality called by those URIs."
Play video
There are currently no comments for this post.