Linux users warned about Firefox flaw
Summary: An 'extremely critical' flaw has been found in Firefox 1.0.6 running on Linux or Unix
Users running Firefox on Linux may be vulnerable to a security vulnerability that can be exploited to compromise the user's system.
Security firm Secunia warned on Tuesday that a flaw rated as "extremely critical" has been found in Firefox 1.0.6. The flaw can only be exploited on Unix or Linux based environments and can be fixed by upgrading to Firefox 1.0.7.
The bug is caused by the way that Firefox responds to URLs passed on the command line — these are passed into the shell, which makes it hard to reliably pass URLs to Firefox from external programs, according to the Secunia advisory and the Mozilla bug report for this flaw. One way that hackers could exploit this bug is by sending a malicious link to an email client that uses Firefox as the default browser, such as Evolution. If the user clicked on the link, shell commands could be executed on the user's machine.
The bug has been confirmed for Firefox 1.0.6 running on Fedora Core 4 and Red Hat Enterprise Linux 4, although other browser versions and platforms may also be affected.
Earlier this week, another security firm claimed that errors were being found at a greater rate in Mozilla's browsers than in Internet Explorer, but a Mozilla employee hit back at this report claiming that his firms reaction to flaws was much better for users than Microsoft's.
Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.
Talkback
Unless the person is going against everything that is right and good and is running his/her box as *root.* In which case, he/she probably deserves everything that comes to him/her. :)
Don't get me wrong - I'm not cavalier or anything, and I'll be upgrading, but does this deserve an EXTREMELY CRITICAL warning level? Hell, any website that puts cookies on your box can track and perform basic functions on your computer.