Wednesday, July 18, 2007

Mozilla Patches Firefox

Just now, Firefox prompted me to upgrade to Firefox 2.0.0.5. I was quite surprised, since usually automatic updates comes 1-2 days after some public site announce them. So Mozilla team has patched Firefox (and probably newer version of Thunderbird will follow as well) for security vulnerabilities, including IE Call which could affect Firefox. They also fix several memory corruptions bug and there were a lot of them. For all of the bug fixed in 2.0.0.5, here you go (taken from Mozilla Security Advisories):
MFSA 2007-25 XPCNativeWrapper pollution
MFSA 2007-24 Unauthorized access to wyciwyg:// documents
MFSA 2007-23 Remote code execution by launching Firefox from Internet Explorer
MFSA 2007-22 File type confusion due to %00 in name
MFSA 2007-21 Privilege escallation using an event handler attached to an element not in the document
MFSA 2007-20 Frame spoofing while window is loading
MFSA 2007-19 XSS using addEventListener and setTimeout
MFSA 2007-18 Crashes with evidence of memory corruption

No comments:

Post a Comment