Mozilla issues important patch to stop Firefox triggering Windows 10's drive corruption flaw
A few weeks ago, we wrote about a bug in Windows 10 which could lead to an NTFS drive being formatted simply by opening a folder. The issue affects the $i30 NTFS attribute, and it can be triggered in Explorer as well as web browsers.
Now Mozilla has released a key update to Firefox which prevents it from activating the bug. To be protected, you need to be running at least Firefox 85.0.1.
- KB4598299 and KB4598301 are the latest problematic Windows 10 updates
- Serious Windows 10 flaw could corrupt your hard drive if you open a folder
- Security researchers develop unofficial patch for drive-corrupting Windows 10 NTFS bug
Ordinarily, the bug could be triggered by running the command
cd c:\:$i30:$bitmap, but it could also be caused by simply opening a specially crafted folder. If a folder includes a shortcut file with its icon location set to
c:\:$i30:$bitmap, merely viewing the contents of a folder is enough to corrupt a drive.
When the bug was discovered, Bleeping Computer reported that a web browser opening a file that references
file:///C:/:$i30:$bitmap could also trigger corruption. Now the site shares news of the Firefox update which means Mozilla's browser can no longer be abused in this way. The company says that the update stops Firefox from accessing "NTFS special paths that could lead to filesystem corruption".
The changelog for Firefox 85.0.1 is as follows:
- Prevent access to NTFS special paths that could lead to filesystem corruption.
- Fixed a crash when authenticating to websites using SPNEGO on macOS devices with Apple Silicon CPUs (bug 1685427).
- Avoid printing an extra blank page at the end of some documents (bug 1689789).
- Fixed a browser crash in case of unexpected Cache API state (bug 1684838).
- Fixed external URL scheme handlers when using the Firefox flatpak (bug 1688966)
While Microsoft has yet to issue a patch of its own for Windows 10, an unofficial third-party fix was released by security developers.