Al crecer su fama, crecen los intentos de hackeo, y por consecuencia comienzan a aparecer vulnerabilidades. La fama cuesta, y para Firefox no fue una excepción. La nueva versión Firefox 1.0.1 corrige 17 vulnerabilidades detectadas, las mismas son:
MFSA 2005-29 Internationalized Domain Name (IDN) homograph spoofing MFSA 2005-28 Unsafe /tmp/plugtmp directory exploitable to erase user's files MFSA 2005-27 Plugins can be used to load privileged content MFSA 2005-26 Cross-site scripting by dropping javascript: link on tab MFSA 2005-25 Image drag and drop executable spoofing MFSA 2005-24 HTTP auth prompt tab spoofing MFSA 2005-23 Download dialog source spoofing MFSA 2005-22 Download dialog spoofing using Content-Disposition header MFSA 2005-21 Overwrite arbitrary files downloading .lnk twice MFSA 2005-20 XSLT can include stylesheets from arbitrary hosts MFSA 2005-19 Autocomplete data leak MFSA 2005-18 Memory overwrite in string library MFSA 2005-17 Install source spoofing with user:pass@host MFSA 2005-16 Spoofing download and security dialogs with overlapping windows MFSA 2005-15 Heap overflow possible in UTF8 to Unicode conversion MFSA 2005-14 SSL "secure site" indicator spoofing MFSA 2005-13 Window Injection Spoofing
Descarga de Firefox 1.0.1 : http://www.mozilla.org/products/firefox/
|