Mozilla issues important patch to stop Firefox triggering Windows 10's drive corruption flaw

3 Comments
Firefox

A few weeks ago, we wrote about a bug in Windows 10 which could lead to an NTFS drive being formatted simply by opening a folder. The issue affects the $i30 NTFS attribute, and it can be triggered in Explorer as well as web browsers.

Now Mozilla has released a key update to Firefox which prevents it from activating the bug. To be protected, you need to be running at least Firefox 85.0.1.

See also:

Ordinarily, the bug could be triggered by running the command cd c:\:$i30:$bitmap, but it could also be caused by simply opening a specially crafted folder. If a folder includes a shortcut file with its icon location set to c:\:$i30:$bitmap, merely viewing the contents of a folder is enough to corrupt a drive.

When the bug was discovered, Bleeping Computer reported that a web browser opening a file that references file:///C:/:$i30:$bitmap could also trigger corruption. Now the site shares news of the Firefox update which means Mozilla's browser can no longer be abused in this way. The company says that the update stops Firefox from accessing "NTFS special paths that could lead to filesystem corruption".

The changelog for Firefox 85.0.1 is as follows:

  • Prevent access to NTFS special paths that could lead to filesystem corruption.
  • Fixed a crash when authenticating to websites using SPNEGO on macOS devices with Apple Silicon CPUs (bug 1685427).
  • Avoid printing an extra blank page at the end of some documents (bug 1689789).
  • Fixed a browser crash in case of unexpected Cache API state (bug 1684838).
  • Fixed external URL scheme handlers when using the Firefox flatpak (bug 1688966)

While Microsoft has yet to issue a patch of its own for Windows 10, an unofficial third-party fix was released by security developers.

3 Comments

3 Responses to Mozilla issues important patch to stop Firefox triggering Windows 10's drive corruption flaw

Got News? Contact Us

Recent Headlines

Businesses not confident in their ability to detect deepfakes

Technical implementation guide: Securing Salesforce under DORA requirements

Best Windows apps this week

Why zero trust can't be fully trusted

Apple's approach to MDM and what we can learn from it [Q&A]

TEAMGROUP unveils T-FORCE GA PRO PCIe 5 SSD with blazing 10,000MB/s read speed

WhatsApp now offers voice message transcripts

Most Commented Stories

What happens to Linux when Linus Torvalds dies?

24 Comments

Windows 10: Microsoft reveals how much you'll need to pay to keep receiving updates

20 Comments

Bluesky thinking -- why left-wingers are leaving X and why X will get over it

16 Comments

The Guardian’s exit from Elon Musk’s X shows a lack of journalistic courage

13 Comments

Unnecessary replacement of hardware leads to higher costs and growing waste problem

9 Comments

Tech leaders congratulate Donald Trump on 2024 election victory

8 Comments

Frustrated with Windows 11? The stunning Nitrux Linux 3.7.1 is the OS you deserve

7 Comments

Apple launches new compact Mac mini with M4 and M4 Pro chips

7 Comments

© 1998-2024 BetaNews, Inc. All Rights Reserved. Privacy Policy - Cookie Policy.