[thelist] Security hole found in Mozilla browser

Greg Holmes greg.holmes at gmail.com
Mon Jul 12 12:16:20 CDT 2004


Ken Schaefer wrote:
>I suspect that there's probably info on this out
>there (and I was hoping that someone might have a
>link handy) - we just need to search harder!

*Probably* (I am no expert) the only vital thing that
the patch XPI  does is to create a new text file in the
pref directory, "bug250180.js", consisting of just two
lines:

--------cut here-----------

// block shell: protocol handler (bug250180)
pref("network.protocol-handler.external.shell", false);

--------cut here-----------

Surely this isn't the only software patch that
doesn't deliver premade solutions for your particular
push-it-out system?  Your IT people may have to do
whatever they do in those situations.  Probably
install the patch on your reference image system, see
what changed, and determine the best way to push it
out.  The delta here is very small.

The fix is also incorporated into the latest version
of Mozilla, so pushing the whole latest version out
is an option too.

Greg Holmes


More information about the thelist mailing list