The Mozilla Foundation released on Monday a fix for two security
issues, patching a problem in the way its Firefox browser processes
links that call external programs to handle data.

The issue came to light last week, the destination in a circuitous trip of discovery. In early July, three researchers found a way to execute code
in Firefox — and potentially other Windows programs — by passing the
browser a malicious uniform resource identifier (URI) from Internet
Explorer. The discovery lit off a firestorm of finger pointing: The
Mozilla Foundation argued that IE should validate the URI before passing it along to another program, while Microsoft stated that input validation is the responsibility of the receiving program.

http://www.securityfocus.com/brief/559