The flaw, known as the "shell" exploit, was publicized Wednesday on a
security mailing list, along with a link to a fix for the problem.
Updated versions of the affected software programs, which include the
Mozilla, Firefox and Thunderbird browsers, have been released.
Developers said the flaw affected only Windows users, not computers
running either the Macintosh or Linux operating systems. Like recent
Internet Explorer vulnerabilities, this flaw only allows the attacker
the ability to run an existing program and requires that security
problems in other applications be exploited to gain further access.
The flaw can be used to pass a file extension to the operating system.
Windows XP will then run the helper application corresponding to that
file extension. The main threat comes from the ability of an attacker
to pass parameters to exploit vulnerabilities in a specific helper
application, which could give an outsider access to the system. A
shell problem could also cause the computer to freeze.
The news comes as Microsoft has been dealing with a string of security
flaws found in its Internet Explorer browser during the past several
weeks. Some researchers had begun recommending that people worried
about online security stop using the IE browser altogether.
Microsoft recommends that Web surfers using Internet Explorer keep
abreast of the latest security warnings, and go to the company's
Protect Your PC site.
Mozilla developers said that future versions of the Firefox Web
browser would have automatic update notifications that would make it
easier to notify users about security fixes.
© 2009; SpywareUninstaller.com Group Project; All Rights Reserved.