Linux users warned about Firefox flaw

Users running Firefox on Linux may be vulnerable to a security vulnerability that can be exploited to compromise the user's system.

Security firm Secunia warned on Tuesday that a flaw rated as "extremely critical" has been found in Firefox 1.0.6. The flaw can only be exploited on Unix or Linux based environments and can be fixed by upgrading to Firefox 1.0.7.

The bug is caused by the way that Firefox responds to URLs passed on the command line — these are passed into the shell, which makes it hard to reliably pass URLs to Firefox from external programs, according to the Secunia advisory and the Mozilla bug report for this flaw. One way that hackers could exploit this bug is by sending a malicious link to an email client that uses Firefox as the default browser, such as Evolution. If the user clicked on the link, shell commands could be executed on the user's machine.

The bug has been confirmed for Firefox 1.0.6 running on Fedora Core 4 and Red Hat Enterprise Linux 4, although other browser versions and platforms may also be affected.

Earlier this week, another security firm claimed that errors were being found at a greater rate in Mozilla's browsers than in Internet Explorer, but a Mozilla employee hit back at this report claiming that his firms reaction to flaws was much better for users than Microsoft's.