Skip to main content

Mozilla fixes flaw - with Internet Explorer!

Despite Mozilla issuing a Firefox patch, there is no word from Microsoft about a patch for IE

Mozilla has patched a security problem within Firefox that's actually caused by vulnerability in Microsoft's Internet Explorer. The critical problem was caused by a hole within Internet Explorer which could have an affect on a variety of Windows applications.

Clicking on a link at a malicious website could open up Firefox or Thunderbird and affect users' computers in such a way that malware could be executed.

More details are available at the Mozilla Foundation's Security Advisory 2007-23 page, but despite the patch the initial problem is with Microsoft, who appears to have done nothing thus far to patch the flaw.

As the Mozilla security advisory notes: "Other Windows applications can be called in this way and also manipulated to execute malicious code. This fix only prevents Firefox and Thunderbird from accepting bad data. This patch does not fix the vulnerability in Internet Explorer."

Mozilla then gives somewhat unsurprising advice to prevent any further problems. "Mozilla highly recommends using Firefox to browse the web to prevent attackers from exploiting this problem in Internet Explorer."