Security researchers have discovered a new vulnerability with Firefox that might allow hackers to seize control of Unix or Linux machines running vulnerable versions of the popular alternative browser software. The vulnerability can only be exploited on Unix or Linux based environments. Firefox users at risk are advised to upgrade to version 1.0.7 to guard against attack.

The security bug creates a means for hackers to execute arbitrary shell commands providing they trick users into following a malicious link in an external application which uses Firefox as the default browser, such as the Evolution email client on various versions of Red Hat Linux. The vulnerability has been confirmed in version 1.0.6 of Firefox on Fedora Core 4 and Red Hat Enterprise Linux 4. Other versions and platforms may also be affected, security notification firm Secunia warns (http://secunia.com/advisories/16869), however there's no evidence that the security bug is being actively exploited. The flaw, such as it is, was unearthed (https://bugzilla.mozilla.org/show_bug.cgi?id=307185) by security researcher Peter Zelezny. ®

Related stories

X marks the bug (3 May 2006)
http://www.theregister.co.uk/2006/05/03/x11/
Red Hat shares soar on impressive Q2 (28 September 2005)
http://www.theregister.co.uk/2005/09/28/redhat_q2_06/
Mandriva rejigs channel programme (21 September 2005)
http://www.channelregister.co.uk/2005/09/21/mandriva_partner_programme/
Firefox and Mac security sanctuaries 'under attack' (19 September 2005)
http://www.theregister.co.uk/2005/09/19/symantec_threat_report/
Mozilla disables IDN to guard against Firefox flaw (12 September 2005)
http://www.theregister.co.uk/2005/09/12/mozilla_idn_fix/
Red Hat holes less severe than Windows - study (27 July 2005)
http://www.theregister.co.uk/2005/07/27/red_hat_security/
Mozilla and Firefox flaws exposed (7 January 2005)
http://www.theregister.co.uk/2005/01/07/mozilla_flaws/