Mozilla patches Web browser flaw

Mozilla has patched a flaw in its popular browser Firefox that could have allowed users' computers to be taken over by visiting Web sites infected with malware -- a popular form of attack in recent times.

Mozilla has patched a flaw in its popular browser Firefox that could have allowed users' computers to be taken over by visiting Web sites infected with malware -- a popular form of attack in recent times.

The results of a recent study by Google, show that one in 10 Web sites could be potential launch pads for "drive-by-download" malware attacks.

The flaw lay in the way Firefox version 2.0.0.5 handled uniform resource identifiers (URIs), protocols that allow browsers to access software. Firefox failed to properly handle some URIs, a flaw in the Web browser that could have allowed remote malware execution.

Bugzilla@Mozilla posted the bug as "resolved fixed" on Wednesday. A link to the patch is available through the bug post.

Netscape Navigator 9 was also affected by the flaw, said Billy Rios, the security researcher who discovered the flaw.

Rios called for developers to pay more attention to possible URI-handling vulnerabilities in their code, after a spate of browser difficulties involving URIs in Internet Explorer and Firefox.

According to Rios, developers must be aware that applications installing URI handlers on a PC can give an extra attack vector, because an attacker can then embed a link to the application in a Web page.

"Developers who intend to or have already registered URIs for their applications must understand that registering a URI handler exponentially increases the attack surface for that application," said Rios in his blog. "Please review your registered URI-handling mechanisms and audit the functionality called by those URIs."

Tom Espiner reported for ZDNet UK from London

Newsletters

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
See All
See All