greg hughes - dot net - Firefox 1.0.3 released, has three critical security fixes

Sunday, 17 April 2005

Firefox 1.0.3 released, has three critical security fixes

There's another new version of the Firefox web browser out. You know, it's a good browser, but the number one problem I have with Firefox is a lack of automated, verifiable security patching... Plus apparently you have to download a whole new version to update it, and the release notes known issues section says not to install it over an older version:

"Prior to installing Firefox 1.0.3, please ensure that the directory you've chosen to install into is clean and doesn't contain any previous Firefox installations."

Anyhow... The following security issues are fixed in v1.0.3, so if you are using Firefox, go get it now:

Severity key: critical, high, moderate, low

MFSA 2005-33 Javascript "lambda" replace exposes memory contents
MFSA 2005-34 javascript: PLUGINSPAGE code execution
MFSA 2005-35 Showing blocked javascript: popup uses wrong privilege context
MFSA 2005-36 Cross-site scripting through global scope pollution
MFSA 2005-37 Code execution through javascript: favicons
MFSA 2005-38 Search plugin cross-site scripting
MFSA 2005-39 Arbitrary code execution from Firefox sidebar panel II
MFSA 2005-40 Missing Install object instance checks
MFSA 2005-41 Privilege escalation via DOM property overrides

Add/Read: Comments [0]

IT Security | Tech

Sunday, 17 April 2005 09:16:08 (Pacific Standard Time, UTC-08:00)

Trackback

Referred by:
http://search.daum.net/ [Referral]
http://www.greghughes.net/ [Referral]

Comments are closed.

"Computers used to take up entire buildings, now they just take up our entire lives."

- Unknown

"So how do you know what is the right path to choose to get the result that you desire? And the honest answer is this... You won't. And accepting that greatly eases the anxiety of your life experience."

- Jon Stewart

Syndication [XML] and .net Alerts

For lazy, highly-technical or enlightened people, get this site's content without the use of a web browser. I use FeedDemon for this, but you can choose your own.

Subscribe - click the icon for my feed

... or sign up for Microsoft Alerts to receive updates through your MSN Messenger, e-mail, or mobile device. Click the orange button thingie to sign up with your Passport account:

Contact

Drop me an email:

Send mail to the author(s)

Phone: 503-766-2258
Add me to MSN Messenger

Monthly Archive

November, 2011 (1)

October, 2011 (7)

April, 2011 (1)

January, 2011 (2)

December, 2010 (3)

November, 2010 (2)

October, 2010 (1)

September, 2010 (1)

June, 2010 (13)

April, 2010 (10)

February, 2010 (1)

January, 2010 (2)

December, 2009 (1)

November, 2009 (2)

September, 2009 (2)

August, 2009 (1)

April, 2009 (3)

March, 2009 (5)

February, 2009 (1)

January, 2009 (10)

December, 2008 (7)

November, 2008 (7)

October, 2008 (18)

September, 2008 (18)

August, 2008 (18)

July, 2008 (35)

June, 2008 (16)

April, 2008 (16)

March, 2008 (22)

February, 2008 (32)

January, 2008 (9)

December, 2007 (6)

November, 2007 (4)

October, 2007 (19)

September, 2007 (36)

August, 2007 (19)

July, 2007 (17)

June, 2007 (16)

April, 2007 (11)

March, 2007 (5)

February, 2007 (14)

January, 2007 (16)

December, 2006 (16)

November, 2006 (4)

October, 2006 (23)

September, 2006 (14)

August, 2006 (21)

July, 2006 (34)

June, 2006 (25)

April, 2006 (20)

March, 2006 (17)

February, 2006 (34)

January, 2006 (30)

December, 2005 (23)

November, 2005 (39)

October, 2005 (30)

September, 2005 (49)

August, 2005 (31)

July, 2005 (21)

June, 2005 (35)

April, 2005 (54)

March, 2005 (60)

February, 2005 (27)

January, 2005 (59)

December, 2004 (70)

November, 2004 (58)

October, 2004 (55)

September, 2004 (64)

August, 2004 (53)

July, 2004 (65)

June, 2004 (50)

April, 2004 (26)

March, 2004 (20)

February, 2004 (26)

January, 2004 (28)

December, 2003 (12)

October, 2003 (8)

September, 2003 (11)

August, 2003 (1)

On this page

Search and Translate this Site

Blog Posting Categories

Navigation Links

About Greg Hughes

Archive of all entries

NWFusion Compendium [of tech info]

news.com RSS feeds

Blogroll

Scott Adams' Dilbert Blog

Scott Adams is the creator of Dilbert, and his blog is an incredibly smart, clever and often funny (sometimes very serious) look at the world. Everyone should read this blog.

Alex is a former coworker who blogs about a variety of IT-related topics.

Brent is a cool dude and a great QA guy that I used to work with. His blog is, appropriately, focused on QA and testing technology.

Chris was formerly my boss at work and is an avid board gamer and photographer. He always has some new info about top-notch board games you may have never heard of, so if you're into them, you should check out this blog.

Lockergnome by trade, Chris is always up to something new. If you are not familiar with the Lockergnome newsletters, be sure to check them out, too.

Matthew Lapworth

Matt's a software developer and friend. He seems to enjoy extreme sports. That's fine as long as he doesn't, like, die or something.

Milind writes about all sorts of interesting stuff. We worked toegther for eight years, and he worked at our employer longer than I, which pretty much makes him old as dirt in company time. :)

MSFT Security Bulletins [RSS]

RSS feed for all Microsoft security bulletins provides an always-up-to-date list of updates along with complete descriptions of each.

Rory Blyth is one of the funniest and most thought-provoking bloggers I read. And I blame him for everything. Literally.

Scott Hanselman

Scott's computerzen blog is a popular spot for all things .NET and innovative. I used to work with him, but then he went off to Microsoft. He's one of the smartest guys I know, and arguably the best technical presenter around.

Sign In

Who Links Here

Total Posts: 1888
This Year: 0
This Month: 0
This Week: 0
Comments: 3447