The Mozilla Foundation released on Monday a fix for two security issues, patching a problem in the way its Firefox browser processes links that call external programs to handle data.

The issue came to light last week, the destination in a circuitous trip of discovery. In early July, three researchers found a way to execute code in Firefox — and potentially other Windows programs — by passing the browser a malicious uniform resource identifier (URI) from Internet Explorer. The discovery lit off a firestorm of finger pointing: The Mozilla Foundation argued that IE should validate the URI before passing it along to another program, while Microsoft stated that input validation is the responsibility of the receiving program.

http://www.securityfocus.com/brief/559