Mozilla 1.7.6 Released
Mozilla is an open-source Web browser, designed for standards compliance, performance and portability. Mozilla is a cousin to Netscape Communicator that is being developed by the Free Software Community with the cooperation and support of Netscape.

What’s New in This Release:
· Drag and drop loading of privileged XUL
· GIF heap overflow parsing Netscape extension 2
· Internationalized Domain Name (IDN) homograph spoofing
· Unsafe /tmp/plugtmp directory exploitable to erase user’s files
· Plugins can be used to load privileged content
· Cross-site scripting by dropping javascript: link on tab
· Image drag and drop executable spoofing
· HTTP auth prompt tab spoofing
· Download dialog source spoofing
· Overwrite arbitrary files downloading .lnk twice
· XSLT can include stylesheets from arbitrary hosts
· Memory overwrite in string library
· Install source spoofing with user:pass@host
· Spoofing download and security dialogs with overlapping windows
· Heap overflow possible in UTF8 to Unicode conversion
· SSL “secure site” indicator spoofing
· Window Injection Spoofing