Mozilla has fixed serious URI-handling holes in Firefox that, if left unpatched, leave a system open to hijacking. The maker of the open-source browser is "strongly" recommending that all Firefox users upgrade immediately. Firefox isn't alone in suffering from these browser bugs—Netscape Navigator is also vulnerable.
July brought two sets of URI-handling headaches to Mozilla. First, security researcher Thor Larholm found a URI-handling issue, which he initially called a zero-day IE vulnerability, that arises when Firefox and Internet Explorer run together on a single system. Microsoft, of Redmond, Wash., earlier in July pointed the finger of blame at Firefox, and much blame-passing ensued.
Mozilla Security Chief Window Snyder owned up to the issue July 23, saying that Mozilla had found a new scenario over the preceding weekend in which Firefox could be used as an attack entry point in various ways. Specifically, while browsing with Firefox, Snyder said, a malicious URL could be used to pass along bad data to another application.
The problems arise from an input-validation error that can allow remote attackers to execute arbitrary commands on a victim system, through processes such as "cmd.exe," by employing various URI handlers.