What Mozilla users should know about the shell: protocol security issue
On July 7 (yesterday) a security vulnerability affecting browsers for the
Windows operating system was posted to Full Disclosure, a public security
mailing list. On the same day, the Mozilla security team confirmed the report of
this security issue affecting the Mozilla Application Suite, Firefox, and
Thunderbird and discussed and developed the fix at Bugzilla bug 250180. We have
confirmed that the bug affects only users of Microsoft's Windows operating
system. The issue does not affect Linux or Macintosh users.
Today, the Mozilla team released a configuration change which resolves this
problem by explicitly disabling the use of the shell: external protocol handler.
The fix is available in two forms. The first is a small download which will make
this configuration adjustment for the user. The second fix is to install the
newest full release of each of these products. Instructions on administering
these changes can be found below.
How to update
Mozilla, Firefox and Thunderbird users on Microsoft Windows operating systems
should update in one of the following ways.
* To install the security patch for Mozilla or Firefox, follow these
instructions:
1. Click Install Patch.
2. In the Software Installation window, click the "Install Now" button.
3. Exit and restart your Mozilla or Firefox browser.
* To install the security patch for Thunderbird, follow these instructions:
1. Right-click the Patch and choose save link as.
2. Save the file, shellblock.xpi, to your Desktop.
3. In Thunderbird, go to the Tools menu and select the Extensions item.
4. In the resulting Extensions window, click the "Install" button.
5. Use Windows file picker to select the shellblock.xpi file from your
Desktop and click OK to dismiss the file picker.
6. Click OK on the Software Installation window.
7. Exit and restart Thunderbird.
patch here.
http://ftp.mozilla.org/pub/mozilla.org/moz.../shellblock.xpi * To download and install new Mozilla releases releases, follow the
instructions below:
1. Download Mozilla 1.7.1 to your Desktop and double-click the
mozilla-win32-1.7.1-installer.exe icon.
2. Follow the instructions in the Mozilla Install wizard.
1. Download Firefox 0.9.2 and to your Desktop and double-click the
FirefoxSetup-0.9.2.exe icon.
2. Follow the instructions in the Firefox Install wizard.
1. Download Thunderbird 0.7.2 to your Desktop and double-click the
ThunderbirdSetup-0.7.2.exe icon.
2. Follow the instructions in the Thunderbird Install wizard.
We value our users' safety and security and will continue to make all efforts to
release secure products and respond quickly when security vulnerabilities are
identified in our software. Future versions of Mozilla Firefox will include
automatic update notifications, which will make it even easier for users to be
alerted to security fixes.
--
Richard Jobity, Tunapuna, Trinidad and Tobago | ph: (868) 620-5550
-----------------------------------------------------------------
http://www.ttlug.org |
http://www.weakblog.com |
http://www.jobity.commail @ richjob@jobity.com | icq: 5183191 | aim: richjob | ym: richjob
-----------------------------------------------------------------
Trusted computing gives companies more control over your machine than
you have.
-------------------------------------------------
This mail sent through IMP:
http://horde.org/imp/ 
