Topic: Firefox v1.01 is out  (Read 1900 times)

0 Members and 1 Guest are viewing this topic.

Offline Monty

  • Lt. Junior Grade
  • *
  • Posts: 123
  • Gender: Male
Firefox v1.01 is out
« on: February 25, 2005, 05:09:38 am »
http://www.mozilla.org/products/firefox/releases/

What's New 1.0.1

Here's what's new in Firefox 1.0.1:

    * Improved stability
    * International Domain Names are now displayed as punycode.

      To show International Domain Names in Unicode, set the "network.IDN_show_punycode" preference to false.
    * Several security fixes.

not sure if that means the IDN spoofing flaw is definately fixed or not... anyone know?

Offline Sethan

  • Justiciar
  • Captain
  • *
  • Posts: 6670
  • Gender: Male
Re: Firefox v1.01 is out
« Reply #1 on: February 25, 2005, 08:36:41 am »
Yep, that was the fix for it.
It is the mark of an educated mind to be able to entertain a thought without accepting it. --Aristotle

Offline Nemesis

  • Captain Kayn
  • Global Moderator
  • Commodore
  • *
  • Posts: 13067
Re: Firefox v1.01 is out
« Reply #2 on: February 25, 2005, 05:48:55 pm »
Full list of fixes.

Quote
Fixed in Firefox 1.0.1
MFSA 2005-29 Internationalized Domain Name (IDN) homograph spoofing
MFSA 2005-28 Unsafe /tmp/plugtmp directory exploitable to erase user's files
MFSA 2005-27 Plugins can be used to load privileged content
MFSA 2005-26 Cross-site scripting by dropping javascript: link on tab
MFSA 2005-25 Image drag and drop executable spoofing
MFSA 2005-24 HTTP auth prompt tab spoofing
MFSA 2005-23 Download dialog source spoofing
MFSA 2005-22 Download dialog spoofing using Content-Disposition header
MFSA 2005-21 Overwrite arbitrary files downloading .lnk twice
MFSA 2005-20 XSLT can include stylesheets from arbitrary hosts
MFSA 2005-19 Autocomplete data leak
MFSA 2005-18 Memory overwrite in string library
MFSA 2005-17 Install source spoofing with user:pass@host
MFSA 2005-16 Spoofing download and security dialogs with overlapping windows
MFSA 2005-15 Heap overflow possible in UTF8 to Unicode conversion
MFSA 2005-14 SSL "secure site" indicator spoofing
MFSA 2005-13 Window Injection Spoofing


Download Link
Do unto others as Frey has done unto you.
Seti Team    Free Software
I believe truth and principle do matter. If you have to sacrifice them to get the results you want, then the results aren't worth it.
 FoaS_XC : "Take great pains to distinguish a criticism vs. an attack. A person reading a post should never be able to confuse the two."

Offline toasty0

  • Application.Quit();
  • Captain
  • *
  • Posts: 8045
  • Gender: Male
Re: Firefox v1.01 is out
« Reply #3 on: February 26, 2005, 10:48:53 am »
Full list of fixes.

Quote
Fixed in Firefox 1.0.1
MFSA 2005-29 Internationalized Domain Name (IDN) homograph spoofing
MFSA 2005-28 Unsafe /tmp/plugtmp directory exploitable to erase user's files
MFSA 2005-27 Plugins can be used to load privileged content
MFSA 2005-26 Cross-site scripting by dropping javascript: link on tab
MFSA 2005-25 Image drag and drop executable spoofing
MFSA 2005-24 HTTP auth prompt tab spoofing
MFSA 2005-23 Download dialog source spoofing
MFSA 2005-22 Download dialog spoofing using Content-Disposition header
MFSA 2005-21 Overwrite arbitrary files downloading .lnk twice
MFSA 2005-20 XSLT can include stylesheets from arbitrary hosts
MFSA 2005-19 Autocomplete data leak
MFSA 2005-18 Memory overwrite in string library
MFSA 2005-17 Install source spoofing with user:pass@host
MFSA 2005-16 Spoofing download and security dialogs with overlapping windows
MFSA 2005-15 Heap overflow possible in UTF8 to Unicode conversion
MFSA 2005-14 SSL "secure site" indicator spoofing
MFSA 2005-13 Window Injection Spoofing


Download Link


MFSA 2005-14 SSL "secure site" indicator spoofing

Holy Hotfixes, Digital Man, that was a bad one. Glad they fixed it!
MCTS: SQL Server 2005 | MCP: Windows Server 2003 | MCTS: Microsoft Certified Technology Specialist | MCT: Microsoft Certified Trainer | MOS: Microsoft Office Specialist 2003 | VSP: VMware Sales Professional | MCTS: Vista