myITforum.com
Welcome to myITforum.com Sign in | Join | Help
in Search
Site Home Home Bloggers List Blogs Photos Downloads

Harry Waldron at myITforum.com

Sharing Security Developments, and Best Practices for corporate and home users

Firefox 1.01 - Corrects several Security vulnerabilities

  Firefox 1.01 has been released to address several security issues.  Users should unistall the prior version, backup/delete existing profiles, and then install FF 1.01.

Security Vulnerabilities Fixed in Firefox 1.0.1

Here's what's new in Firefox 1.0.1:

  • Improved stability
  • International Domain Names are now displayed as punycode. (To show International Domain Names in Unicode, set the "network.IDN_show_punycode" preference to false.)
  • Several security fixes.

MFSA 2005-29 Internationalized Domain Name (IDN) homograph spoofing
MFSA 2005-28 Unsafe /tmp/plugtmp directory exploitable to erase user's files
MFSA 2005-27 Plugins can be used to load privileged content
MFSA 2005-26 Cross-site scripting by dropping javascript: link on tab
MFSA 2005-25 Image drag and drop executable spoofing
MFSA 2005-24 HTTP auth prompt tab spoofing
MFSA 2005-23 Download dialog source spoofing
MFSA 2005-22 Download dialog spoofing using Content-Disposition header
MFSA 2005-21 Overwrite arbitrary files downloading .lnk twice
MFSA 2005-20 XSLT can include stylesheets from arbitrary hosts
MFSA 2005-19 Autocomplete data leak
MFSA 2005-18 Memory overwrite in string library
MFSA 2005-17 Install source spoofing with user:pass@host
MFSA 2005-16 Spoofing download and security dialogs with overlapping windows
MFSA 2005-15 Heap overflow possible in UTF8 to Unicode conversion
MFSA 2005-14 SSL "secure site" indicator spoofing
MFSA 2005-13 Window Injection Spoofing

http://www.mozillazine.org/talkback.html?article=6129

Full Article Attached Mozilla Firefox 1.0.1 Released

Thursday February 24th, 2005 -- Mozilla Firefox 1.0.1 has just been released. A minor update, this version fixes a few security holes and some other bugs. If you're using Firefox 1.0, you want this release. The Firefox Release Notes have also been updated and The Burning Edge has an unofficial Firefox 1.0.1 changelog. Download links can be found on the official Firefox product page.

  BUG WHEN MANUALLY KEYING URLs:  If you are experiencing a crash when entering text into the address bar, you can correct the problem by removing the autocomplete.xpt file from your Firefox components directory, for example C:\Program Files\Mozilla Firefox\components. To avoid this crash, do not install a new installer package on top of an older zipped package.

HOW TO INSTALL (use this approach even if you are on version 1.0)

http://forums.mozillazine.org/viewtopic.php?t=158083

CLICK ON EITHER LINK TO DOWNLOAD

   Download

Published Feb 25 2005, 08:32 PM by hwaldron

Comments

No Comments

This Blog

Syndication
Copyright - www.myITforum.com, Inc. - 2007 All Rights reserved.
Powered by Community Server (Commercial Edition), by Telligent Systems