The Mozilla Foundation released on Monday a fix for two security
issues, patching a problem in the way its Firefox browser processes
links that call external programs to handle data.
The issue came to light last week, the destination in a circuitous trip of discovery. In early July, three researchers found a way to execute code
in Firefox — and potentially other Windows programs — by passing the
browser a malicious uniform resource identifier (URI) from Internet
Explorer. The discovery lit off a firestorm of finger pointing: The
Mozilla Foundation argued that IE should validate the URI before passing it along to another program, while Microsoft stated that input validation is the responsibility of the receiving program.