Mozilla has acknowledged a security issue in Firefox, which potentially can be exploited by malicious people to compromise a user's system. The security issue is caused due to the "-chrome" parameter allowing execution of arbitrary Javascript script code in chrome context. This can be exploited to execute arbitrary commands on a user's system e.g. via applications invoking Firefox with unfiltered command line arguments. The security issue affects Firefox prior to version 2.0.0.7.
Version 2.0.0.7 is already in the tree. Mozilla team, is this version ready to be stabilised?
According to the Mozilla advisory [1], this only affects links opened by QuickTime and therefore not Linux. Is this an issue for us, too? [1] http://www.mozilla.org/security/announce/2007/mfsa2007-28.html
It can go stable, but according to the Mozilla advisory, it only affects some Quicktime stuff.
I don't see any need to do a security stabling if Linux is not affected.
