Home Messages Index
[Date Prev][Date Next][Thread Prev][Thread Next]
Author IndexDate IndexThread Index

Re: Firefox Has Security Update

  • Subject: Re: Firefox Has Security Update
  • From: Roy Schestowitz <newsgroups@xxxxxxxxxxxxxxx>
  • Date: Fri, 03 Feb 2006 15:09:13 +0000
  • Newsgroups: alt.html
  • Organization: schestowitz.com / MCC / Manchester University
  • References: <1138944463.602388.121890@g49g2000cwa.googlegroups.com>
  • Reply-to: newsgroups@xxxxxxxxxxxxxxx
  • User-agent: KNode/0.7.2
__/ [cwdjrxyz] on Friday 03 February 2006 05:27 \__

> The Firefox 1.5 has a security update and becomes 1.5.0.1 after the
> update. If you did not customize the update feature after you installed
> 1.5, you likely will get an automatic update. In my case I got a screen
> today that said Firefox had downloaded the update. If you did not take
> it just then, you could cancel,and it then said it would update the
> next time you turned Firefox on. That is exactly what it did with no
> option to cancel the second time.
> 
> If you wish to change the way Firefox updates, there are several
> options at tools tab > options > advanced. I was content with the
> automatic download and install.

This doesn't seem to be a crucial update
<http://www.mozilla.com/firefox/releases/1.5.0.1.html >

<quote>
Firefox 1.5.0.1 is a stability and security update that is part of our
ongoing program to provide a safe Internet experience for our customers. We
recommend that all users upgrade to this latest version.

Here's what's new in Firefox 1.5.0.1:

    * Improved stability.
    * Improved support for Mac OS X.
    * International Domain Name support for Iceland (.is) is now enabled.
    * Fixes for several memory leaks.
    * Several security enhancements.
</quote>

Also:
http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox1.5.0.1

<quote>
MFSA 2006-08  "AnyName" entrainment and access control hazard
MFSA 2006-07 Read beyond buffer while parsing XML
MFSA 2006-06 Integer overflows in E4X, SVG and Canvas
MFSA 2006-05 Localstore.rdf XML injection through XULDocument.persist()
MFSA 2006-04 Memory corruption via QueryInterface on Location, Navigator
objects
MFSA 2006-03 Long document title causes startup denial of Service
MFSA 2006-02 Changing postion:relative to static corrupts memory
MFSA 2006-01 JavaScript garbage-collection hazards
</quote>

I know MFSA 2006-03 quite well because its listing is rather amusing. If a
page contains a 4-million-character title string (which would take ages to
load), there is potential for buffer overflow and maybe a browser crash. I
think someone flagged it as a "critical" flaw at the time.

Roy

[Date Prev][Date Next][Thread Prev][Thread Next]
Author IndexDate IndexThread Index