Mozilla / Firefox security patch released (shell: protocol security issue)

http://www.mozilla.org/security/shell.html

Instructions are on the site for either patching your current Mozilla and / or Firefox or installing the latest releases of each.

What Mozilla users should know about the shell: protocol security issue

On July 7 (yesterday) a security vulnerability affecting browsers for the Windows operating system was posted to Full Disclosure, a public security mailing list. On the same day, the Mozilla security team confirmed the report of this security issue affecting the Mozilla Application Suite, Firefox, and Thunderbird and discussed and developed the fix at Bugzilla bug 250180. We have confirmed that the bug affects only users of Microsoft's Windows operating system. The issue does not affect Linux or Macintosh users.

Today, the Mozilla team released a configuration change which resolves this problem by explicitly disabling the use of the shell: external protocol handler. The fix is available in two forms. The first is a small download which will make this configuration adjustment for the user. The second fix is to install the newest full release of each of these products. Instructions on administering these changes can be found below.

just installed it, only took a second or so.

You may want to kick this once or twice if it disappears, since a lot of people here use Mozilla.

...one of the main reasons I switched to Firefox and Mozilla (I use both) was the many testimonials from "satisfied customers" here on DU...so I'll make sure it's visible to both the "day shift" and the "evening crew"...

:toast:

:kick: