Mozilla issues important patch to stop Firefox triggering Windows 10's drive corruption flaw

A few weeks ago, we wrote about a bug in Windows 10 which could lead to an NTFS drive being formatted simply by opening a folder. The issue affects the $i30 NTFS attribute, and it can be triggered in Explorer as well as web browsers.

Now Mozilla has released a key update to Firefox which prevents it from activating the bug. To be protected, you need to be running at least Firefox 85.0.1.

Ordinarily, the bug could be triggered by running the command cd c:\:$i30:$bitmap, but it could also be caused by simply opening a specially crafted folder. If a folder includes a shortcut file with its icon location set to c:\:$i30:$bitmap, merely viewing the contents of that folder is enough to corrupt a drive.

When the bug was discovered, Bleeping Computer reported that a web browser opening a file that references file:///C:/:$i30:$bitmap could also trigger corruption. Now the site shares news of the Firefox update which means Mozilla's browser can no longer be abused in this way. The company says that the update stops Firefox from accessing "NTFS special paths that could lead to filesystem corruption".
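A defensive filter in the same spirit, as an added example: this is not Mozilla's code, and the policy it applies (reject any local path or file: URL that names an NTFS attribute with the ":$name" syntax) is an assumption chosen for illustration. The sample list is constructed, and only its first two entries are strings quoted in the article.

```python
import re
from urllib.parse import urlsplit, unquote

SCHEME = re.compile(r"^([A-Za-z][A-Za-z0-9+.-]+):/")  # 2+ chars, so "C:/" is not a scheme
DRIVE = re.compile(r"^[A-Za-z]:")
NTFS_ATTR = re.compile(r":\$\w+")                     # ":$i30", ":$bitmap", ":$DATA", ...


def to_local_path(ref):
    """Return a backslash-separated local path, or None for non-file URLs."""
    ref = ref.strip()
    scheme = SCHEME.match(ref)
    if scheme:
        if scheme.group(1).lower() != "file":
            return None
        parts = urlsplit(ref)
        path = parts.path
        for _ in range(3):                    # undo nested percent-encoding
            decoded = unquote(path)
            if decoded == path:
                break
            path = decoded
        if DRIVE.match(parts.netloc):         # file://C:/... (drive parsed as host)
            path = parts.netloc + path
        elif re.match(r"^/[A-Za-z]:", path):  # file:///C:/...
            path = path[1:]
        ref = path
    return ref.replace("/", "\\")


def references_ntfs_attribute(ref):
    """True if a local path or file: URL names an NTFS attribute such as :$i30."""
    path = to_local_path(ref)
    if path is None:
        return False
    rest = path[2:] if DRIVE.match(path) else path  # skip the drive-letter colon
    return bool(NTFS_ATTR.search(rest))


def flag_references(refs):
    """Return the subset of refs that should be blocked or reviewed."""
    return [r for r in refs if references_ntfs_attribute(r)]


# Constructed sample input; the first two strings are the ones quoted in the article.
SAMPLES = [r"c:\:$i30:$bitmap", "file:///C:/:$i30:$bitmap",
           "file:///C:/%3A%24i30%3A%24bitmap", "file:///C:/Users/me/report.pdf",
           r"C:\Windows\explorer.exe", "https://example.com/a:$b"]
```

Calling flag_references(SAMPLES) returns the first three entries, including the percent-encoded variant that a plain substring match on the URL would miss.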

The changelog for Firefox 85.0.1 is as follows:

  • Prevent access to NTFS special paths that could lead to filesystem corruption.
  • Fixed a crash when authenticating to websites using SPNEGO on macOS devices with Apple Silicon CPUs (bug 1685427).
  • Avoid printing an extra blank page at the end of some documents (bug 1689789).
  • Fixed a browser crash in case of unexpected Cache API state (bug 1684838).
  • Fixed external URL scheme handlers when using the Firefox flatpak (bug 1688966).

While Microsoft has yet to issue a patch of its own for Windows 10, an unofficial third-party fix was released by security developers.

© 1998-2021 BetaNews, Inc. All Rights Reserved.