Dynaverse.net

Off Topic => Engineering => Topic started by: Monty on February 25, 2005, 05:09:38 am

Title: Firefox v1.01 is out
Post by: Monty on February 25, 2005, 05:09:38 am

http://www.mozilla.org/products/firefox/releases/

What's New 1.0.1

Here's what's new in Firefox 1.0.1:

    * Improved stability
    * International Domain Names are now displayed as punycode.

      To show International Domain Names in Unicode, set the "network.IDN_show_punycode" preference to false.
    * Several security fixes.

not sure if that means the IDN spoofing flaw is definately fixed or not... anyone know?

Title: Re: Firefox v1.01 is out
Post by: Sethan on February 25, 2005, 08:36:41 am

Yep, that was the fix for it.

Title: Re: Firefox v1.01 is out
Post by: Nemesis on February 25, 2005, 05:48:55 pm

Full list of fixes.

Quote

Fixed in Firefox 1.0.1
MFSA 2005-29 Internationalized Domain Name (IDN) homograph spoofing
MFSA 2005-28 Unsafe /tmp/plugtmp directory exploitable to erase user's files
MFSA 2005-27 Plugins can be used to load privileged content
MFSA 2005-26 Cross-site scripting by dropping javascript: link on tab
MFSA 2005-25 Image drag and drop executable spoofing
MFSA 2005-24 HTTP auth prompt tab spoofing
MFSA 2005-23 Download dialog source spoofing
MFSA 2005-22 Download dialog spoofing using Content-Disposition header
MFSA 2005-21 Overwrite arbitrary files downloading .lnk twice
MFSA 2005-20 XSLT can include stylesheets from arbitrary hosts
MFSA 2005-19 Autocomplete data leak
MFSA 2005-18 Memory overwrite in string library
MFSA 2005-17 Install source spoofing with user:pass@host
MFSA 2005-16 Spoofing download and security dialogs with overlapping windows
MFSA 2005-15 Heap overflow possible in UTF8 to Unicode conversion
MFSA 2005-14 SSL "secure site" indicator spoofing
MFSA 2005-13 Window Injection Spoofing

Download Link (http://download.mozilla.org/?product=firefox-1.0.1&os=win&lang=en-US)

Title: Re: Firefox v1.01 is out
Post by: toasty0 on February 26, 2005, 10:48:53 am

Quote from: IKV Nemesis on February 25, 2005, 05:48:55 pm

Full list of fixes.

Quote

Fixed in Firefox 1.0.1
MFSA 2005-29 Internationalized Domain Name (IDN) homograph spoofing
MFSA 2005-28 Unsafe /tmp/plugtmp directory exploitable to erase user's files
MFSA 2005-27 Plugins can be used to load privileged content
MFSA 2005-26 Cross-site scripting by dropping javascript: link on tab
MFSA 2005-25 Image drag and drop executable spoofing
MFSA 2005-24 HTTP auth prompt tab spoofing
MFSA 2005-23 Download dialog source spoofing
MFSA 2005-22 Download dialog spoofing using Content-Disposition header
MFSA 2005-21 Overwrite arbitrary files downloading .lnk twice
MFSA 2005-20 XSLT can include stylesheets from arbitrary hosts
MFSA 2005-19 Autocomplete data leak
MFSA 2005-18 Memory overwrite in string library
MFSA 2005-17 Install source spoofing with user:pass@host
MFSA 2005-16 Spoofing download and security dialogs with overlapping windows
MFSA 2005-15 Heap overflow possible in UTF8 to Unicode conversion
MFSA 2005-14 SSL "secure site" indicator spoofing
MFSA 2005-13 Window Injection Spoofing

Download Link ([url]http://download.mozilla.org/?product=firefox-1.0.1&os=win&lang=en-US[/url])

MFSA 2005-14 SSL "secure site" indicator spoofing

Holy Hotfixes, Digital Man, that was a bad one. Glad they fixed it!