Developers at the open-source Mozilla Foundation have confirmed that the latest version of their Web browsers have a security flaw that could allow attackers to run existing programs on the Windows XP operating system.
The flaw, known as the "shell" exploit, was publicized Wednesday on a security mailing list, along with a link to a fix for the problem. Updated versions of the affected software programs, which include the Mozilla, Firefox and Thunderbird browsers, have been released.
Developers said the flaw affects only Windows users, not computers running the Macintosh and Linux operating systems. Like recent Internet Explorer vulnerabilities, this flaw only allows the attacker the ability to run an existing program and requires that security problems in other applications be exploited to gain further access.
The flaw can be used to pass a file extension to the operating system. Windows XP will then run the helper application corresponding to that file extension. The main threat comes from the ability of an attacker to pass parameters to exploit vulnerabilities in a specific helper application, which could give an outsider access to the system. A shell problem could also cause the computer to freeze.
More IT news stories
Microsoft's 1994 consent decree: Boon or bust?
HP sets new e-waste target
China, U.S. resolve chip tax issues
IBM plans bus technology ride
The news comes as Microsoft has been dealing with a found in its Internet Explorer browser during the past several weeks. Some researchers had begun recommending that people worried about online security .
Microsoft recommends that Web surfers using Internet Explorer keep abreast of the latest security warnings, and go to the company's Protect Your PC site.
Mozilla developers said that future versions of the Firefox Web browser would have automatic update notifications that would make it easier to notify users about security fixes.