Topic: Firefox 1.02 and Thunderbird 1.02 are out. (Read 2963 times)

Nemesis · « **on:** March 23, 2005, 07:36:54 pm »

Firefox 1.02 and Thunderbird 1.02 are out.

Fixed in Firefox 1.0.2
MFSA 2005-32 Drag and drop loading of privileged XUL
MFSA 2005-31 Arbitrary code execution from Firefox sidebar panel
MFSA 2005-30 GIF heap overflow parsing Netscape extension 2
Link to Firefox Download

Fixed in Thunderbird 1.0.2
MFSA 2005-30 GIF heap overflow parsing Netscape extension 2
MFSA 2005-25 Image drag and drop executable spoofing
MFSA 2005-21 Overwrite arbitrary files downloading .lnk twice
MFSA 2005-18 Memory overwrite in string library
MFSA 2005-17 Install source spoofing with user:pass@host
MFSA 2005-15 Heap overflow possible in UTF8 to Unicode conversion
Link to Thunderbird Download

toasty0 · « **Reply #1 on:** March 23, 2005, 09:23:24 pm »

Quote from: IKV Nemesis on March 23, 2005, 07:36:54 pm

Firefox 1.02 and Thunderbird 1.02 are out.

Fixed in Firefox 1.0.2
MFSA 2005-32 Drag and drop loading of privileged XUL
MFSA 2005-31 Arbitrary code execution from Firefox sidebar panel
MFSA 2005-30 GIF heap overflow parsing Netscape extension 2
Link to Firefox Download

Fixed in Thunderbird 1.0.2
MFSA 2005-30 GIF heap overflow parsing Netscape extension 2
MFSA 2005-25 Image drag and drop executable spoofing
MFSA 2005-21 Overwrite arbitrary files downloading .lnk twice
MFSA 2005-18 Memory overwrite in string library
MFSA 2005-17 Install source spoofing with user:pass@host
MFSA 2005-15 Heap overflow possible in UTF8 to Unicode conversion
Link to Thunderbird Download

*Gulp* What were those considered before? Features?

Jerry

Nemesis · « **Reply #2 on:** March 23, 2005, 09:29:43 pm »

Quote from: toasty0 on March 23, 2005, 09:23:24 pm

*Gulp* What were those considered before? Features?

Jerry

No. That is what Microsoft calls bugs they can't fix (or can't be bothered to fix.).

Here is a list of bug fixes in IE that I found on the Microsoft site:

Quote

194242   FIX: window.open Causes Delay in NewWindow Event
218933   Custom User Agent String Not Sent by IEAK Wizard for Automatic Version Synchronization
271562   HTML Messages with Pictures Do Not Print Correctly After You Install Internet Explorer 5.5 SP1 or 6.0
281679   You cannot open a new Internet Explorer window or nothing occurs after you click a link
286043   MS01-051: Patch Available for Telnet Logging Vulnerability
294291   Open in New Window Restriction Does Not Work in History Pane When in Kiosk Mode
300829   Cannot Edit Content in Frames or Iframes with DHTML
303750   Incorrect File Name in the File Open or File Save Dialog Boxes
307978   FIX: MFC Controls in Overlapped IFRAMEs Receive Unnecessary WM_PAINT Messages
308005   Find (on This Page) Command Does Not Work with the ISO 8859 Character Set
308414   MS01-051: Patch Available for HTTP Request Encoding Vulnerability
309170   Memory leak occurs when behaviors are dynamically removed
309178   The AutoDial Procedure Stops If You Quit Internet Explorer
309456   An Access Violation Occurs in an HTML Page with a Table When You Scroll in a Small Window
310388   Data for a POST Request Is Not Downloaded Completely in a Custom MIME Viewer
310676   Internet Explorer Does Not Set a Cookie for Two-Letter Domains
311730   Data Is Not Posted Correctly by Using XMLHTTP to Send Multiple Asynchronous POSTs
312124   Problems with the WebBrowser Control in Internet Explorer 6 During Navigation
312176   Heavy NTLM Authentication Traffic Occurs Between Internet Explorer and the Proxy Server
312223   Internet Explorer 6 DHTML Class Code May Cause an Access Violation in mshtml!CTreeNode::GetFancyFormat
312461   MS01-055: Internet Explorer Cookie Data Can Be Exposed or Altered Through Script Injection
312496   Internet Explorer May Lose the First 2,048 Bytes of Data That Are Sent Back from a Web Server That Uses HTTP Compression
312536   Files That Are Not .url Files Are Deleted from the Favorites Folder
312542   HTML Forms That Are Submitted by Outlook Do Not Display Results
312590   OLEXP: An Access Violation Occurs in Outlook Express If You Click Cancel When You Are Choosing a Message Store
313463   An Access Violation Occurs When You View Embedded HTML Messages in the Outlook Preview Pane
313675   MS01-058: File Vulnerability Patch for Internet Explorer 5.5 and Internet Explorer 6
314209   You Cannot Access the Location Object of the Parent from a Child Window
314312   Text Input May Be Slow If You Use the Japanese Input Method Editor
315466   Access Violation in Wininet.dll When a Programs Calls InternetSetOption
315699   Internet Explorer Incorrectly Represents the Euro Character as &#8364 Instead of 0x80
315712   Access Violation Error Message When You Navigate Through HTA or XML Documents
315713   Cookies Are Lost When You Use FILE:// URL Method in Window.Open
316059   MS02-005: February 11, 2002, Cumulative Patch for Internet Explorer
316116   You cannot manage Internet Explorer 6 Group Policy settings on a Windows 2000-based computer
316593   The DocumentComplete Event May Not Be Triggered When You Open a New Browser Window
317244   MS02-008: XMLHTTP Control in MSXML 4.0 Can Allow Access to Local Files
317726   MS02-005: Patch Is Available for the GetObject() Scripting Function Vulnerability
317727   MS02-005: Patch Is Available for the Application Invocation via Content-Type Field Vulnerability
317729   MS02-005: Patch Is Available for a New Variant of the "Frame Domain Verification" Vulnerability
317731   MS02-005: Patch Is Available for the Buffer Overrun in HTML Directive Vulnerability
317742   MS02-005: Patch Is Available for the Script Execution Vulnerability
317745   MS02-005: Patch Is Available for File Download Dialog Box Spoofing Vulnerability
318089   MS02-009: Incorrect VBScript Handling in Internet Explorer Can Allow Web Pages to Read Local Files
318203   MS02-008: XMLHTTP Control in MSXML 3.0 Can Allow Access to Local Files
318382   The document.open Method with Replace Does Not Work in Frameset
318426   FIX: Security Patch (Q316059) Crashes Internet Explorer When You Call execScript
318666   Internet Explorer Maintenance Policies May Cause an Access Violation in Winlogon
319032   An Error Message Occurs If You Click "Save Target As" for a Link
319182   MS02-015: March 28, 2002 Cumulative Patch for Internet Explorer
319235   MS02-015: Update Available for Local File Execution Vulnerability in Internet Explorer
319236   MS02-015: Update Available for Script Execution Vulnerability in Internet Explorer
319303   Internet Explorer Navigation Sound Update
319554   Help and Support Center Does Not Display Information About Remote Computers
319792   Back Navigation on POST Causes Re-POST in Internet Explorer 6
320882   Internet Explorer May Display Only Part of an EMF Image
321156   FtpPutFile Returns Success Although the Operation Fails in Internet Explorer
321232   MS02-023: May 15, 2002, Cumulative Patch for Internet Explorer
321268   Internet Explorer Calculates the Web Page Window Size Incorrectly
321276   Server.CreateObject() for a WSC Component in ASP Pages Does Not Work in Windows XP
321530   Outlook Express Quits Unexpectedly When You Receive a Message That Has a Special MIME Header
321532   FIX: Mixed security warning message appears when the POST method is used to stream a PDF file over HTTPS
321598   Security Zone Settings Are Not Applied in Internet Explorer 6
321722   Content with "Content-Encoding: gzip" Is Always Cached Although You Use "Cache-Control: no-cache"
322822   NTLM Authentication Does Not Work If Internet Explorer Is Configured to Use HTTP 1.1 Through Proxy Connections
322918   Cannot Open a .pdf File with the File:// Protocol If the Address Contains a "#" Character
322921   MS02-023: Patch Available for Cross-Site Scripting in Local HTML Resource Vulnerability
322923   MS02-023: Patch Available for Zone Spoofing Through Malformed Web Page Vulnerability
322924   MS02-023: Patch Available for Local Information Disclosure Through HTML Element Vulnerability
322926   MS02-023: Patch Available for Script in Cookies Reading Cookies Vulnerability
322927   MS02-023: Patch Available for Variants of the Content Disposition Vulnerability
322928   MS02-023: Patch Available to Disable Frames in the Restricted Sites Zone
323308   Internet Explorer file downloads over SSL do not work with the cache control headers
323395   Internet Explorer NoHelpMenu and NoViewSource Policies Do Not Work with Internet Explorer 6
323686   100 Percent CPU Utilization When You Use DHTML to Add Cells to a Table
323759   MS02-047: August 22, 2002, Cumulative Patch for Internet Explorer
324029   You Receive Multiple Security Alert Messages About Redirection to a Nonsecure Site
324404   Shortcut Menus Remain Visible in Internet Explorer Help After You Turn Off Shortcut Menus
325662   NTLM Authentication Over an SSL Connection Does Not Work in Internet Explorer 6
326853   Non-URL Files Are Deleted from the Favorites Folder
327258   FIX: Hebrew text in a confirmation dialog box or in a message box appears incorrectly in Internet Explorer 6
327315   Return Value of ShowModalDialog Is Always Set to UNDEFINED for the About: Protocol In Internet Explorer 6.0
327496   Windows XP RSoP Shows Incorrect Source GPO for Internet Explorer Policy Settings
327543   Internet Explorer Quits When You Run AccEvent32.exe
327708   Specifying the Number of Copies in a Printer Template Does Not Work
327716   Caching Problems with Compressed Pages in a Frameset
327980   The New Connection Wizard Does Not Set the "Always Dial My Default Connection" Setting
328676   MS02-058: OLEXP: An Unchecked Buffer in Outlook Express S/MIME Parsing May Permit System Compromise
329130   Source Code Is Not Available Error Message When Debugging an .inc File with Visual InterDev 6.0
329160   Content Advisor Displays Warning for Script URL
330338   Additional Prompts for a Client Certificate with Internet Explorer 6 Service Pack 1

toasty0 · « **Reply #3 on:** March 24, 2005, 08:59:28 am »

LOL..."rabid" would be an understatement in describing your feelings about Microsoft.

I have to ask, do you see yourself as a modern day Luther-like figure trudging through the snow to nail the Ninety-Five Theses to the door of the Wittenberg Church? (a link )

I don't mean any disrepect here. Don't you tihink it is getting just a bit comical that every time someone mentions a flaw in a non-ms product, no matter how oblique or tangential to Microsoft, you trot out some link or list about ms or one of its products to bolster your anti-MS rhetoric.

Jerry

Pestalence_XC · « **Reply #4 on:** March 24, 2005, 10:29:28 am »

Nemisis.. find the fix list to this browser :

MSIE Version: 6.0.2900.2180.xpsp_sp2_rtm.040803-2158
Cipher Strength: 128-bit
Update Version: SP2
Copywright 2004

Based on NCSA Mosaic. NCSA Mosaic(TM); was developed at the National Center for Supercomputing Applications at the University of Illinois at Urbana-Champaign.
Distributed under a licensing agreement with Spyglass, Inc.
Contains security software licensed from RSA Data Security Inc.
Portions of this software are based in part on the work of the Independent JPEG Group.
Multimedia software components, including Indeo(R); video, Indeo(R) audio, and Web Design Effects are provided by Intel Corp.

Grim · « **Reply #5 on:** March 24, 2005, 12:21:46 pm »

Thanks for providing the links to the latest updates Nemesis

Nemesis · « **Reply #6 on:** March 24, 2005, 07:01:54 pm »

Quote from: Grim on March 24, 2005, 12:21:46 pm

Thanks for providing the links to the latest updates Nemesis

You are welcome. Those like you and I who use this software are the ones I made the original post for. I downloaded it myself and will install it on Friday.

News: