MozillaZine warns of a new firefox security problem
; this one has to do with command line parsing. "For example, consider a Linux user who uses Firefox as his or her default Web
browser and Mozilla Thunderbird as his or her default email client. An
attacker could send an email to this user containing a link to
http://local`find`host. When the user clicks on this link in Thunderbird,
Firefox's URL-parsing shell script will be invoked and will execute the find
command before calling Firefox to open the URL.
" The firefox 1.0.7 release
contains the fix for this problem (and a few others).
to post comments)