The Mozilla Foundation acknowledged over the weekend that its own
Firefox browser allows links that can send malicious code to external
programs, a security issue that the group had previously argued should
be fixed by the browser maker.
In early July, three researchers found a way to execute code
in Firefox — and potentially other Windows programs — by passing it a
malicious uniform resource identifier (URI) from Internet Explorer. The
discovery lit off a firestorm of finger pointing: The Mozilla Foundation argued that IE should validate the URI before passing it along to another program, while Microsoft stated that input validation is the responsibility of the receiving program.