Foxit Software has fixed a critical security hole in its PDF plugin for web browsers.

A bug in the code allowed overly long URLs in web links to crash the utility - billed as a "better" alternative to Adobe's software - or potentially inject malicious code into vulnerable Windows systems. The stack-based buffer overflow flaw is present in versions 5.4.4 and earlier of the software.

Users of the PDF-viewing plugin are advised to update to version 5.4.5 as explained in an advisory by Foxit. The company credits Danish security notification firm Secunia and Core Security Technologies for finding and confirming the issue in the Firefox build of the software, respectively. ®

Related stories

• 'Better than Adobe' Foxit PDF plugin hit by worse-than-Adobe 0-day (11 January 2013)
• Adobe Reader 0-day exploit surfaces on underground bazaars (8 November 2012)
• Most Adobe Reader installs are out of date (14 July 2011)