Firefox 1.5.0.3 Vulnerability

Castlecops has a nice post of all these about:-commands, in case somebody is interested.
http://castlecops.com/t120865-Firefox_About_Commands.html

 

Tried with Firefox and Core Force ("custom" Firefox setup). Nothing happened, of course.

 

I heard about this earlier today. I did not have such an entry in my Firefox tho.

 

Thanks ronjor. I missed the filter part. I set it to "true" now. I guess I should be all set.

Thanks

 

To completely negate this vulnerability, type about:config into the Firefox location bar and press enter, type mailto, find this line:

network.protocol-handler.external.mailto

right click the line and select toggle (to false), close and reopen Firefox.

This will result in Firefox no longer opening your default email client when you click on "mailto" links, but can be easily reversed.

I tried the POC in SeaMonkey 1.0.1

Mozilla/5.0 (Windows; U; Win 9x 4.90; en-US; rv:1.8.0.4) Gecko/20060506 SeaMonkey/1.0.1 (this is not the 1.0.1 release version)

and it had no effect (except blank boxes on a white page), so I think you can expect it to be fixed in Firefox 1.5.0.4 (or any nightly branch build based on Gecko 1.8.0.4 that you can download now if you're worried).