Mozilla has released an updated to its Firefox browser. 1.5.0.4 Is the 4th update to the 1.5 edition of the browser which was first released in November 2005. This update fixes 12 vulnerability 5 of which Mozilla have classed as critical.
Firefox should have automatically applied the update, if this feature is disabled users should download the updated version from the Mozilla website.
The 12 flaws fixed in this update are:
• MFSA 2006-43 Privilege escalation using addSelectionListener
• MFSA 2006-42 Web site XSS using BOM on UTF-8 pages
• MFSA 2006-41 File stealing by changing input type (variant)
• MFSA 2006-39 "View Image" local resource linking (Windows)
• MFSA 2006-38 Buffer overflow in crypto.signText()
• MFSA 2006-37 Remote compromise via content-defined setter on object prototypes
• MFSA 2006-36 PLUGINSPAGE privileged JavaScript execution 2
• MFSA 2006-35 Privilege escalation through XUL persist
• MFSA 2006-34 XSS viewing javascript: frames or images from context menu
• MFSA 2006-33 HTTP response smuggling
• MFSA 2006-32 Fixes for crashes with potential memory corruption
• MFSA 2006-31 EvalInSandbox escape (Proxy Autoconfig, Greasemonkey)
Full information on these and past flaws can be found at http://www.mozilla.org/projects/security/known-vulnerabilities.html#Firefox
Thunderbird the Mozilla e-mail client has also received an update to 1.5.0.4 which fixed 8 flaws.
|
|
Reader Comments: 0
