Mozilla issues important patch to stop Firefox triggering Windows 10's drive corruption flaw

3 Comments
Firefox

A few weeks ago, we wrote about a bug in Windows 10 which could lead to an NTFS drive being formatted simply by opening a folder. The issue affects the $i30 NTFS attribute, and it can be triggered in Explorer as well as web browsers.

Now Mozilla has released a key update to Firefox which prevents it from activating the bug. To be protected, you need to be running at least Firefox 85.0.1.

See also:

Ordinarily, the bug could be triggered by running the command cd c:\:$i30:$bitmap, but it could also be caused by simply opening a specially crafted folder. If a folder includes a shortcut file with its icon location set to c:\:$i30:$bitmap, merely viewing the contents of a folder is enough to corrupt a drive.

When the bug was discovered, Bleeping Computer reported that a web browser opening a file that references file:///C:/:$i30:$bitmap could also trigger corruption. Now the site shares news of the Firefox update which means Mozilla's browser can no longer be abused in this way. The company says that the update stops Firefox from accessing "NTFS special paths that could lead to filesystem corruption".

The changelog for Firefox 85.0.1 is as follows:

  • Prevent access to NTFS special paths that could lead to filesystem corruption.
  • Fixed a crash when authenticating to websites using SPNEGO on macOS devices with Apple Silicon CPUs (bug 1685427).
  • Avoid printing an extra blank page at the end of some documents (bug 1689789).
  • Fixed a browser crash in case of unexpected Cache API state (bug 1684838).
  • Fixed external URL scheme handlers when using the Firefox flatpak (bug 1688966)

While Microsoft has yet to issue a patch of its own for Windows 10, an unofficial third-party fix was released by security developers.

3 Comments

3 Responses to Mozilla issues important patch to stop Firefox triggering Windows 10's drive corruption flaw

Got News? Contact Us

Recent Headlines

AI-ttack of the Clones: The rise and risks of AI scams

Sabrent launches Rocket NANO 2242 SSD (SB-2142-1TB)

Third-party data breaches rise almost 50 percent

Cheeseheads rejoice: Joe Biden and Microsoft melt $3.3 Billion into Wisconsin's AI future!

Companies not ready for new European accessibility regulations

AI driving increase in modernization spend

Get 'PowerShell 7 Workshop' (worth $35.99) for FREE

Most Commented Stories

Say goodbye to Microsoft Windows 11 and hello to Nitrux Linux 3.4.1

80 Comments

The stunning Windows 13 -- yes, 13! -- is the Microsoft operating system we want

25 Comments

Microsoft 'improves' Windows 11 by bringing ads to the Start menu in the US

21 Comments

Windows 11 slammed for its 'comically bad' performance even on high-end hardware

18 Comments

Microsoft is up to its old tricks yet again -- Windows 10 users harassed with full-screen Windows 11 upgrade warnings

18 Comments

Microsoft releases preview version of Office 2024 for Windows and macOS -- download it now!

17 Comments

Linux fan develops a fricking amazing tool to remove all ads from Windows 11

16 Comments

Switch to Linux Lite 7.0 from Windows 11

15 Comments

© 1998-2024 BetaNews, Inc. All Rights Reserved. Privacy Policy - Cookie Policy.