mozilla links
ShareThis
Mozilla has released Firefox 2.0.0.10, an update that fixes three security vulnerabilties rated as high.
The first of the bugs may allow a cross-site scripting (XSS) attack due to an error in handling JavaScript initiated window contents changes (window.location). Another one, fixes the well publicized jar: protocol flaw that could also allow cross site scripting attacks. Mozilla has tightened the conditions for loading jar: protocol URIs:
Support for the jar: URI scheme has been restricted to files served with a
Content-Typeheader ofapplication/java-archiveorapplication/x-jar. Web applications that require signed pages must make sure their .jar archives are served with this Content-Type. Sites that allow users to upload binary files should make sure they do not allow these files to have one of these two MIME types.
There’s not much detail about the third one except it involves memory corruption.
Naturally, users are strongly encouraged to update: select Check for Updates… in the Help menu, or wait for Firefox to automatically prompt you to install the update in the next 48 hours.
[...] [Fonte]Â [...]
[...] bug in just released Firefox 2.0.0.10 affecting an important <canvas> HTML element interface (.drawImage) has prompted Mozilla [...]
“download” is not linked in:
http://mozillalinks.org/wp/2007/11/firefox-20010-fixes-jar-and-other-vulnerabilities/
but that’s not going to stop me from getting this latest release. update has happend to my office computer, new release for home standalone.
thank you.
with best regards,
-milind
[...] 30th as a ‘Firedrill’ release to correct a major regression in the just released Firefox 2.0.0.10 affecting an important <canvas> HTML element interface (.drawImage). This bug affected [...]
Where can I download the latest patches?
[...] waren schon teilweise für das neue Release angelegt. Ein Changelog konnte ich nicht finden – andere Seiten wissen da mehr. Mittlerweile ist auch der Load Balancer mit der aktuellen Firefox Version [...]