Sunday, July 17, 2005

Firefox 1.0.5

Mozilla Firefox 1.0.5 has been released. It fixes

  • Code execution through shared function objects
  • XHTML node spoofing
  • Javascript prompt origin spoofing
  • Standalone applications can run arbitrary code through the browser
  • Same origin violation: frame calling top.focus()
  • The return of frame-injection spoofing
  • Possibly exploitable crash in InstallVersion.compareTo()
  • Script injection from Firefox sidebar panel using data:
  • Same-origin violation with InstallTrigger callback
  • Code execution via "Set as Wallpaper"
  • XBL scripts ran even when Javascript disabled
  • Content-generated event vulnerabilities
Unfortunately it does not seem to fix the problem I am having, where Firefox locks up for about 5 minutes every hour, refreshing RSS feeds, taking almost 100% cpu time doing the refresh.

Hat tip to Dwight Silverman

Posted by Don Singleton at 9:29 AM

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)