FireFox 1.0.1
Mozilla ha liberado la versión oficial de su navegador FireFox: versión 1.0.1, misma que corrige 17 vulnerabilidades y el problema de phishing (que afectaba no sólo a FireFox pero curiosamente no al Explorer de Microsoft).
Se corrigen las siguientes vulneabilidades (vía Hispasec):
* MFSA 2005-29 Internationalized Domain Name (IDN) homograph spoofing
* MFSA 2005-28 Unsafe /tmp/plugtmp directory exploitable to erase user’s files
* MFSA 2005-27 Plugins can be used to load privileged content
* MFSA 2005-26 Cross-site scripting by dropping javascript: link on tab
* MFSA 2005-25 Image drag and drop executable spoofing
* MFSA 2005-24 HTTP auth prompt tab spoofing
* MFSA 2005-23 Download dialog source spoofing
* MFSA 2005-22 Download dialog spoofing using Content-Disposition header
* MFSA 2005-21 Overwrite arbitrary files downloading .lnk twice
* MFSA 2005-20 XSLT can include stylesheets from arbitrary hosts
* MFSA 2005-19 Autocomplete data leak
* MFSA 2005-18 Memory overwrite in string library
* MFSA 2005-17 Install source spoofing with user:pass@host
* MFSA 2005-16 Spoofing download and security dialogs with overlapping windows
* MFSA 2005-15 Heap overflow possible in utf-8 to Unicode conversion
* MFSA 2005-14 SSL “secure site” indicator spoofing
* MFSA 2005-13 Window Injection Spoofing
Descarga la nueva versión en el sitio de Mozilla (disponible ya en español latinoamericano).
…
Comentarios
No comments yet.
Leave a comment