15 July, 2005

Firefox 1.0.5

Firefox 1.0.5 is now out.

This version includes security fixes:

  • Code execution through shared function objects

  • XHTML node spoofing

  • Javascript prompt origin spoofing

  • Standalone applications can run arbitrary code through the browser

  • Same origin violation: frame calling top.focus

  • The return of frame-injection spoofing

  • Possibly exploitable crash in InstallVersion.compareTo

  • Script injection from Firefox sidebar panel using data

  • Same-origin violation with InstallTrigger callback

  • Code execution via "Set as Wallpaper"

  • XBL scripts ran even when Javascript disabled

  • Content-generated event vulnerabilities


2005-07-18 Update: You may want to wait a few days for the Firefox 1.0.6 to be released. It appears that there is a security flaw with the API in Firefox 1.0.5. You can get more from the eWeek.com posting 'Firefox Flaw Leads to Upgrade Encore.'
-

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

Challenging myself to learn something new

I have recently set a big challenge for myself. I want to know about Machine Learning . To add to the challenge, I am trying out usin...