Microsoft Flip-Flops On URI Protocol Handing Flaw

a-twitter writes "After months of insisting there is nothing to patch, Microsoft has done a complete 180 on the URI protocol handling vulnerability, announcing in a security advisory that a Windows update will be released to revise URI handling code within ShellExecute() to be more strict. The MSRC blog explains the background and offers more details on this issue."

Re:From one side of the mouth, then the other

[thegrassyknowl]

"There's nothing wrong with it" ---(M$ To English)---> "We're too stupid to be able to fix this bug so we'll claim it works as expected and is a feature then tell the users that it's their fault. At least our users are stupider than us."

Firefox?

[Erris]

They're fixing other applications (Firefox in this case)

Did you really say and believe that? Congratulations, you have outdone M$ themselves. Let's review:

• the problem happened if you installed IE7, not before.
• M$ has just admitted their mistaken way of dealing with urls in XP and 2003.

How is that Firefox again? Yes, I saw in the recap where "MSRCTEAM" mentions their previous friendly blame cast, I mean "advice", to the Firefox team. Can you tell me how that intersects reality again?

Re:Pay attention

[Smartcowboy]

Since Firefox is an open source project, ANYONE has the option to contribute patches Don't be ridiculous. Most open source projects are run by groups of elitists who will ignore any contribution who don't come from them. The only way to contribute to a project is to fork it but then you will still be ignored by the whole world because you are not mainstream. Any attempt to integrate an existing open source project is an exercise of futility.