The vulnerability which has been widely reported as effecting only Internet Explorer, whereby the browser doesn't restrict access to the shell: URI handler also effects a number of other products, including Firefox, Mozzila and Mozilla Thunderbird. See the official advisory from Mozilla here (http://www.mozilla.org/security/shell.html). The problem is an inherent security flaw that exists in later versions of Windows rather than a problem with the browser, the various patches that were released by Microsoft for Internet Explorer merely filtered sites from accessing this, rather than removing the flaw hence it was still exploitable even with the patch installed.
![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png)
timeasmymeasure
no subject
Date: 2004-07-10 11:10 pm (UTC)