Mozilla 1.7.6 Released

Mozilla is an open-source Web browser, designed for standards compliance, performance and portability.

Mozilla is a cousin to Netscape Communicator that is being developed by the Free Software Community with the cooperation and support of Netscape. What’s New in This Release:



· Drag and drop loading of privileged XUL

  · GIF heap overflow parsing Netscape extension 2

  · Internationalized Domain Name (IDN) homograph spoofing

  · Unsafe /tmp/plugtmp directory exploitable to erase user’s files

  · Plugins can be used to load privileged content

  · Cross-site scripting by dropping javascript: link on tab

  · Image drag and drop executable spoofing

  · HTTP auth prompt tab spoofing

  · Download dialog source spoofing

  · Overwrite arbitrary files downloading .lnk twice

  · XSLT can include stylesheets from arbitrary hosts

  · Memory overwrite in string library

  · Install source spoofing with user:pass@host

  · Spoofing download and security dialogs with overlapping windows

  · Heap overflow possible in UTF8 to Unicode conversion

  · SSL “secure site” indicator spoofing

  · Window Injection Spoofing

Download