what mozilla users should know about the shell: protocol security issue
what mozilla users should know about the shell: protocol security issue
skip to main content
mozilla
about
developers
store
support
products
search mozilla:
what mozilla users should know about the shell: protocol security issue
on july 7 a security vulnerability affecting browsers for the
windows operating system was reported to mozilla.org by keith mccanless, and was subsequently
posted to full disclosure, a public security
mailing list. on the same day, the mozilla security team confirmed the report
of this security issue affecting the mozilla application suite, firefox, and
thunderbird and discussed and developed the fix at bugzilla bug 250180. we have
confirmed that the bug affects only users of microsoft's windows operating
system. the issue does not affect linux or macintosh users.
on july 8th, the mozilla team released a configuration change which resolves this
problem by explicitly disabling the use of the shell: external
protocol handler. the fix is available in two forms. the first is a small
download which will make this configuration adjustment for the user. the second
fix is to install the newest full release of each of these products.
instructions on administering these changes can be found below.
how to update
mozilla, firefox and thunderbird users on microsoft windows operating
systems should update in one of the following ways.
to install the security patch for mozilla or firefox, follow these instructions:
click install patch.
in the software installation window, click the "install now" button.
exit and restart your mozilla or firefox browser.
to verify the fix in your firefox or mozilla application, be sure to restart the browser and then follow these steps:
type about:config into the address field and hit enter.
in the filter toolbar, type shell.
look for the preference listing network.protocol-handler.external.shell.
if you see the preference listed with the value of false then your application has been patched.
to install the security patch for thunderbird, follow these instructions:
right-click the patch and choose save link as.
save the file, shellblock.xpi, to your desktop.
in thunderbird, go to the tools menu and select the extensions item.
in the resulting extensions window, click the "install" button.
use windows file picker to select the shellblock.xpi file from your desktop and click ok to dismiss the file picker.
click ok on the software installation window.
exit and restart thunderbird.
to download and install new mozilla releases releases, follow the instructions below:
download mozilla 1.7.1 to your desktop and double-click the mozilla-win32-1.7.1-installer.exe icon.
follow the instructions in the mozilla install wizard.
download firefox 0.9.2 and to your desktop and double-click the firefoxsetup-0.9.2.exe icon.
follow the instructions in the firefox install wizard.
download thunderbird 0.7.2 to your desktop and double-click the thunderbirdsetup-0.7.2.exe icon.
follow the instructions in the thunderbird install wizard.
we value our users' safety and security and will continue to make all
efforts to release secure products and respond quickly when security
vulnerabilities are identified in our software. future versions of mozilla
firefox will include automatic update notifications, which will make it even
easier for users to be alerted to security fixes. the mozilla security team would like
to thank keith mccanless for the original bug report and test case, and apologize for incorrectly
omitting mention of his report in the initial version of this document.
site map
security updates
contact us
donate
portions of this content are © 1998–2007 by individual mozilla.org
contributors; content available under a creative commons license | details.
last modified september 17, 2004
document history
edit this page (or via cvs)
Acceuil
suivante
what mozilla users should know about the shell: protocol security issue GUNDAM FIX FIGURATION Outlook Recovery Tool to Fix PST File - PST Repair Software NVidia Refresh Rate Fix Win2K/XP - PC INpact AmyFix.com Fix - Wikipedia Heroes: The Fix - TV.com Conservatives to fix glitch that could block rural voters WMP Scripting Fix Ezee-Fix Don’t Throw Out Your Broken iPod; Fix It via the Web - New York Times Jim Fix Fix Your Own Printer Download details: SafeDisc Windows XP Fix for Microsoft Games It's not always malware: How to fix the top 10 Internet Explorer ... The Fix - Salon.com Fix 4 RSO fixoyun fix oyun fiks oyunlar fıxoyun fıx oyun fiks oyun fix ... Editor's Daily Blog: A Temporary Fix Screenplay Coverage from ***** script-fix ***** FIX-TIPS Free Football picks & Best Soccer betting tips, soccer ... Amazon.com: War Fix: Books: Steve Olexa,David Axe Coldplay – Fix You – Music at Last.fm WinXpFix.com Home page (wixpfix.com) Windows xp news, Tips, Free ... M i c h a e l F i x fix Tricky fix-up plan devised for space station- msnbc.com WinSock XP Fix 1.2 Freeware download page - tested and reviewed ... FIX, starring Shawn Andrews, Olivia Wilde, Megalyn Echikunwoke ... High-fi fix for malfunctioning Guitar Hero III Les Paul - Engadget WordPress 2.0.6: Feedburner issue, and fix « Mark on WordPress CSS PNG Image Fix for IE » Blog » Komodo Media Qwik-Fix (de PivX Labs) Fantasy Fix: Starters - MSN Video AppleInsider iMac Software 1.2.1; Time Machine fix; MacBook ... AppleInsider Apple releases iMac freezing fix, MacBook Pro ... Microsoft to Fix Two Windows Holes on Patch Tuesday Les plus beaux restaurants du monde : Le Fix NASA plans spacewalk to fix ripped solar wing - CNN.com BBC - Languages French Quick Fix - Basics DailyTech - Apple Releases Fix for iMac Freeze Issue, Updates MacBooks PC World - Apple Posts QuickTime Security Fix PC World - Two Charged with Hacking PeopleSoft to Fix Grades Troubleshooting 101 : How to fix the family computer and save your ... Apple posts fix for freezing iMacs - Engadget Digg - Don’t Throw Out Your Broken iPod; Fix It via the Web Kitco Inc. - Past Historical London Fix Fix-A-Flat - Car Care Products- A easy way to fix a flat tire IPv6 Fix: Home Intel Researcher Homepage Fix the pumps réseau pc fix(usb) portable wifi - je ne trouve pas les config ... Télécharger Works Fix FixMyXP.com - Your One Stop Windows XP Fix It Site ColdFusion 8.0 Cumulative Hot Fix 1 ColdFusion MX 7 Cumulative Hot Fix 3 Definition of fix - Merriam-Webster Online Dictionary 6 Ways to Fix a Confused Information Architecture (Jakob Nielsen's ... Growing a Business Website: Fix the Basics First (Jakob Nielsen's ... BBC NEWS Science/Nature Lovelock urges ocean climate fix BBC SPORT Tennis Llodra reveals match-fix approach