Since the last release, Mozilla has made public the next version of Firefox, Mozilla Firefox 1.5.0.4, which is kind of a very quick.

This release is likely to include some enhancements and several bug fixes. Nothing major changes is expected.

Change Log:

• - Privilege escalation using addSelectionListener
• - Web site XSS using BOM on UTF-8 pages
• - File stealing by changing input type (variant)
• - “View Image” local resource linking (Windows)
• - Buffer overflow in crypto.signText()
• - Remote compromise via content-defined setter on object prototypes
• - PLUGINSPAGE privileged JavaScript execution 2
• - Privilege escalation through XUL persist
• - XSS viewing javascript: frames or images from context menu
• - HTTP response smuggling
• - Fixes for crashes with potential memory corruption
• - EvalInSandbox escape (Proxy Autoconfig, Greasemonkey)

Users can download Firefox 1.5.0.4 here.

This entry was posted on Friday, June 2nd, 2006 at 4:24 am and is filed under Linux, Mac OS, Solaris, Web Apps, Windows . You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.