didier beck weblog

Saturday, February 26, 2005

TOOLS: Firefox v1.0.1 

New version 1.0.1 of Firefox is available! Install this one: it includes several security fixes.



Latest changes:
  • Improved stability

  • International Domain Names are now displayed as punycode

  • Several security fixes

    • Internationalized Domain Name (IDN) homograph spoofing

    • Unsafe /tmp/plugtmp directory exploitable to erase user's files

    • Plugins can be used to load privileged content

    • Cross-site scripting by dropping javascript: link on tab

    • Image drag and drop executable spoofing

    • HTTP auth prompt tab spoofing

    • Download dialog source spoofing

    • Download dialog spoofing using Content-Disposition header

    • Overwrite arbitrary files downloading .lnk twice

    • XSLT can include stylesheets from arbitrary hosts

    • Autocomplete data leak

    • Memory overwrite in string library

    • Install source spoofing with user:pass@host

    • Spoofing download and security dialogs with overlapping windows

    • Heap overflow possible in UTF8 to Unicode conversion

    • SSL "secure site" indicator spoofing

    • Window Injection Spoofing