Security research firm Secunia has discovered a serious flaw in Firefox that might allow hackers to execute remote code on Linux and UNIX machines running vulnerable versions. The vulnerability affects Firefox and Linux users, but leave Microsoft’s Internet Explorer unscathed.
The bug was discovered in the shell scripts that Firefox use to parse web addresses that were supplied via external programs. The security researches discovered that commands enclosed in back-ticks were executed by the shell. Secunia gave the flaw its most severe ratings.
The vulnerability arrived following the publication of a report from Symantec that revealed that nearly twice as many flaws had been discovered in Firefox as in Internet Explorer in the past half an year.