Flaws in Firefox are of growing concern to the adult Internet industry because of Firefox’s growing share of the browser market.
The more critical of the two flaws concerns the encoding of URLs that are handed off to external programs, an issue that the Mozilla team had rated as a "critical" flaw.
Researcher Jesper Johansson originally reported the flaw, observing that Firefox did not percent-encode spaces and double-quotes in uniform resource identifiers (URIs) that were passed to external applications, which resulted in the possibility that the receiving program could interpret an incoming single URI as multiple arguments — an error that had also been observed in Internet Explorer.
In Firefox 2.0.0.5, Mozilla introduced code to handle URLs passed to Firefox that included unfixed quotes and spaces, and version 2.0.0.6 ensures that Firefox properly percent-encodes those strings before passing them to external programs.
The less serious vulnerability addressed in the 2.0.0.6 release was a flaw that allowed “privilege escalation” — exploiting a bug to access resources that would normally be reserved for an administrator and protected from mere users — by manipulating add-ons in Firefox 2.0.0.5.
According to web metrics tracking firm Net Applications, Firefox’s share of the browser market increased from 9.5 percent in January 2006 to more than 13.6 percent in January of this year.
A competing web metrics firm, OneStat, claims that Firefox’s growth was smaller in the same period, but reports Firefox’s total market share is higher: 16.11 percent as of January.
