Tuesday, June 30th, 2009 Firefox 3.5 is based on the Gecko 1.9.1 rendering platform, which has been under development for the past year. Firefox 3.5 offers many changes over the previous version, supporting new web technologies, improving performance and ease of use. Some of the notable features are: Support for the HTML5 <video> and <audio> ...
Posted in Internet, Privacy, Security, Software | No Comments
Tuesday, June 23rd, 2009 For several years, Cross-Site Scripting (XSS) attacks have plagued many of the web’s most popular sites and victimized their users. At Mozilla, we’ve been working for the last year on a new technology called Content Security Policy, designed to shut these attacks down. We wanted to give a bit of ...
Posted in Coding, Internet, Security | No Comments
Thursday, June 11th, 2009 Firefox 3.0.11 fixes several security issues found in Firefox 3.0.10:
JavaScript chrome privilege escalation
XUL scripts bypass content-policy checks
Incorrect principal set for file: resources loaded via location bar
Arbitrary code execution using event listeners attached to an element whose owner document is null
Race condition while accessing the private data of a NPObject JS wrapper ...
Posted in Internet, Linux, Security, Windows | No Comments
Tuesday, April 21st, 2009 Firefox 3.0.9 fixes several security issues found in Firefox 3.0.8:
Firefox allows Refresh header to redirect to javascript: URIs
POST data sent to wrong site when saving web page with embedded frame
Malicious search plugins can inject code into arbitrary sites
Same-origin violations in XMLHttpRequest and XPCNativeWrapper.toString
XSS hazard using third-party stylesheets and XBL bindings
Same-origin violations ...
Posted in Internet, Linux, Privacy, Security, Software, Windows | No Comments
Thursday, March 26th, 2009 Mozilla Firefox is prone to a remote memory-corruption vulnerability. An attacker can exploit this issue to execute arbitrary code within the context of the affected browser. Failed exploit attempts will result in a denial-of-service condition. The following proof of concept is available: http://www.securityfocus.com/data/vulnerabilities/exploits/2009-ffox-poc.tar.gz
Posted in Coding, Internet, Security, Software | 1 Comment