what mozilla users should know about the shell: protocol security issue

what mozilla users should know about the shell: protocol security issue skip to main content mozilla about developers store support products search mozilla: what mozilla users should know about the shell: protocol security issue on july 7 a security vulnerability affecting browsers for the windows operating system was reported to mozilla.org by keith mccanless, and was subsequently posted to full disclosure, a public security mailing list. on the same day, the mozilla security team confirmed the report of this security issue affecting the mozilla application suite, firefox, and thunderbird and discussed and developed the fix at bugzilla bug 250180. we have confirmed that the bug affects only users of microsoft's windows operating system. the issue does not affect linux or macintosh users. on july 8th, the mozilla team released a configuration change which resolves this problem by explicitly disabling the use of the shell: external protocol handler. the fix is available in two forms. the first is a small download which will make this configuration adjustment for the user. the second fix is to install the newest full release of each of these products. instructions on administering these changes can be found below. how to update mozilla, firefox and thunderbird users on microsoft windows operating systems should update in one of the following ways. to install the security patch for mozilla or firefox, follow these instructions: click install patch. in the software installation window, click the "install now" button. exit and restart your mozilla or firefox browser. to verify the fix in your firefox or mozilla application, be sure to restart the browser and then follow these steps: type about:config into the address field and hit enter. in the filter toolbar, type shell. look for the preference listing network.protocol-handler.external.shell. if you see the preference listed with the value of false then your application has been patched. to install the security patch for thunderbird, follow these instructions: right-click the patch and choose save link as. save the file, shellblock.xpi, to your desktop. in thunderbird, go to the tools menu and select the extensions item. in the resulting extensions window, click the "install" button. use windows file picker to select the shellblock.xpi file from your desktop and click ok to dismiss the file picker. click ok on the software installation window. exit and restart thunderbird. to download and install new mozilla releases releases, follow the instructions below: download mozilla 1.7.1 to your desktop and double-click the mozilla-win32-1.7.1-installer.exe icon. follow the instructions in the mozilla install wizard. download firefox 0.9.2 and to your desktop and double-click the firefoxsetup-0.9.2.exe icon. follow the instructions in the firefox install wizard. download thunderbird 0.7.2 to your desktop and double-click the thunderbirdsetup-0.7.2.exe icon. follow the instructions in the thunderbird install wizard. we value our users' safety and security and will continue to make all efforts to release secure products and respond quickly when security vulnerabilities are identified in our software. future versions of mozilla firefox will include automatic update notifications, which will make it even easier for users to be alerted to security fixes. the mozilla security team would like to thank keith mccanless for the original bug report and test case, and apologize for incorrectly omitting mention of his report in the initial version of this document. site map security updates contact us donate portions of this content are © 1998–2007 by individual mozilla.org contributors; content available under a creative commons license | details. last modified september 17, 2004 document history edit this page (or via cvs)

Acceuil

suivante

what mozilla users should know about the shell: protocol security issue  GUNDAM FIX FIGURATION  Outlook Recovery Tool to Fix PST File - PST Repair Software  NVidia Refresh Rate Fix Win2K/XP - PC INpact  AmyFix.com  Fix - Wikipedia  Heroes: The Fix - TV.com  Conservatives to fix glitch that could block rural voters  WMP Scripting Fix  Ezee-Fix  Don’t Throw Out Your Broken iPod; Fix It via the Web - New York Times  Jim Fix  Fix Your Own Printer  Download details: SafeDisc Windows XP Fix for Microsoft Games  It's not always malware: How to fix the top 10 Internet Explorer ...  The Fix - Salon.com  Fix 4 RSO  fixoyun fix oyun fiks oyunlar fıxoyun fıx oyun fiks oyun fix ...  Editor's Daily Blog: A Temporary Fix  Screenplay Coverage from ***** script-fix *****  FIX-TIPS Free Football picks & Best Soccer betting tips, soccer ...  Amazon.com: War Fix: Books: Steve Olexa,David Axe  Coldplay – Fix You – Music at Last.fm  WinXpFix.com Home page (wixpfix.com) Windows xp news, Tips, Free ...  M i c h a e l F i x  fix  Tricky fix-up plan devised for space station- msnbc.com  WinSock XP Fix 1.2 Freeware download page - tested and reviewed ...  FIX, starring Shawn Andrews, Olivia Wilde, Megalyn Echikunwoke ...  High-fi fix for malfunctioning Guitar Hero III Les Paul - Engadget  WordPress 2.0.6: Feedburner issue, and fix « Mark on WordPress  CSS PNG Image Fix for IE » Blog » Komodo Media  Qwik-Fix (de PivX Labs)  Fantasy Fix: Starters - MSN Video  AppleInsider iMac Software 1.2.1; Time Machine fix; MacBook ...  AppleInsider Apple releases iMac freezing fix, MacBook Pro ...  Microsoft to Fix Two Windows Holes on Patch Tuesday  Les plus beaux restaurants du monde : Le Fix  NASA plans spacewalk to fix ripped solar wing - CNN.com  BBC - Languages French Quick Fix - Basics  DailyTech - Apple Releases Fix for iMac Freeze Issue, Updates MacBooks  PC World - Apple Posts QuickTime Security Fix  PC World - Two Charged with Hacking PeopleSoft to Fix Grades  Troubleshooting 101 : How to fix the family computer and save your ...  Apple posts fix for freezing iMacs - Engadget  Digg - Don’t Throw Out Your Broken iPod; Fix It via the Web  Kitco Inc. - Past Historical London Fix  Fix-A-Flat - Car Care Products- A easy way to fix a flat tire  IPv6 Fix: Home  Intel Researcher Homepage  Fix the pumps  réseau pc fix(usb) portable wifi - je ne trouve pas les config ...  Télécharger Works Fix  FixMyXP.com - Your One Stop Windows XP Fix It Site  ColdFusion 8.0 Cumulative Hot Fix 1  ColdFusion MX 7 Cumulative Hot Fix 3  Definition of fix - Merriam-Webster Online Dictionary  6 Ways to Fix a Confused Information Architecture (Jakob Nielsen's ...  Growing a Business Website: Fix the Basics First (Jakob Nielsen's ...  BBC NEWS Science/Nature Lovelock urges ocean climate fix  BBC SPORT Tennis Llodra reveals match-fix approach