Wil Tan

There’s a new vulnerability in Mozilla / Firefox that allows arbitrary code execution, as reported in Slashdot.

You can patch Firefox by installing this extension. But if you’re like me and like to have the minimal number of extensions installed, you can do this:

1. Open the Javscript Console
2. Copy the following line-by-line into the textbox (hitting enter after each line):
   
   <br /> var prefs = Components.classes["@mozilla.org/preferences-service;1"].getService().QueryInterface(Components.interfaces.nsIPrefBranch);</p> <p>prefs.setBoolPref(“network.protocol-handler.external.shell”, false);</p> <p>prefs.getBoolPref(“network.protocol-handler.external.shell”);<br />
   

   You should see false being evaluated after running the last line.

Note: This only works for the current profile. If you have more than one profile, you should probably install the extension. And you shouldn’t need to restart the browser, the preference should be written to your prefs.js file when firefox quits (unless, of course, it crashes before that)

No related posts.

Related posts brought to you by Yet Another Related Posts Plugin.

This entry was posted on Friday, July 9th, 2004 at 3:42 pm and is filed under security. You can follow any responses to this entry through the RSS 2.0 feed. Both comments and pings are currently closed.