A new Firefox (opens in new tab) update has been released that includes a fix for a recently discovered drive corruption vulnerability. Version 85.0.1 of the browser patches the NTFS bug, as well as four other vulnerabilities.
Last month (opens in new tab), a zero-day exploit was discovered that could crash Windows 10 (opens in new tab) devices simply by getting them to access the $i30 NTFS attribute. As web browsers (opens in new tab) could be used to trigger this error, Mozilla got to work on creating a patch for its Firefox offering.
Before the new update, trying to access c:\:$i30:$bitmap via the browser’s address bar would trigger the NTFS corruption flaw. However, with version 85.0.1 installed, Firefox will ignore the request, saving the user from a potential headache.
- Check out our Windows 10 review (opens in new tab) here
- Here's our list of the best antivirus (opens in new tab) tools
- And check out our list of the best endpoint protection (opens in new tab) software
The initial discovery of the $i30 vulnerability was unusual, with security researchers unsure why the '$i30' string corrupted the NTFS drive. Sometimes, rebooting and performing chkdsk would clear up the drive corruption error but some Windows 10 users found that problems with the NTFS drive persisted.
Given that the vulnerability was relatively easy for threat actors to exploit, a third party software firm, OSR, released a workaround (opens in new tab) that blocked access streams containing the $i30 attribute.
A proper Windows update fixing the flaw is still being waited on even though the vulnerability has been flagged repeatedly, and it’s likely that this fix will be delivered via Microsoft’s next Patch Tuesday release.
At least now Firefox users shouldn’t have to worry about the flaw. Relaunching the browser should lead to the necessary update being downloaded automatically, but users can also click on the Firefox Menu and search for a new update if they want to check that they are running the latest version.
- Also, here's our roundup of the best anonymous browsers (opens in new tab)
Via Bleeping Computer (opens in new tab)