[wplug] Firefox 0.9.3
Devin Lee Drew
dLd at pobox.com
Thu Sep 16 15:51:53 EDT 2004
> Just a quick hit: is anyone else using Mozilla Firefox 0.9.3 and, if so,
> has anyone had any problems with crashing? It seems to be tied to sites
> with forms in them and only if I switch window focus to and from
> Mozilla. I'm fairly certain it's something on my end, but I figured I'd
> ask before I started digging too deep.
Update.
http://www.securityfocus.com/archive/1/375225/2004-09-13/2004-09-19/0
Overview
--------
Firefox Preview Release, Thunderbird 0.8, and Mozilla 1.7.3 are
available for download at www.mozilla.org since Sept 13 and 14. These
releases fix 7 critical security issues, detailed on the "Known
Vulnerabilities in Mozilla" page:
http://www.mozilla.org/projects/security/known-vulnerabilities.html
Three of these issues are rated at maximum level "Severity: Critical"
and "Risk: High":
* Non-ascii hostname heap overrun (reported by Mats Palmgren, Gaël
Delalleau)
A link with a non-ascii hostname can cause a heap buffer overrun that
could potentially be exploited to run arbitrary code.
* BMP integer overflow (reported by Gaël Delalleau)
Extremely wide BMP images trigger an integer overflow, leading to
heap overruns that are potentially exploitable to run arbitrary code.
* Buffer overflow when displaying VCard (reported by Georgi Guninski)
A stack buffer overrun in VCard display routines could be exploited
to run arbitrary code supplied by the attacker.
.
.
.
More information about the wplug
mailing list