- Fix for a potential buffer overflow vulnerability when loading a hostname
with all soft-hyphens
- Fix to prevent URLs passed from external programs from being parsed by the
shell
- Fix to prevent a crash when loading a Proxy Auto-Config (PAC) script that
uses an "eval" statement
- Fix to restore InstallTrigger.getVersion() for Extension authors
- Fix a crash in mail when stopping a search and then searching again
- Other stability and security fixes
issues were fixed in this release:
MFSA 2005-56 Code execution through shared function objects
MFSA 2005-55 XHTML node spoofing
MFSA 2005-54 Javascript prompt origin spoofing
MFSA 2005-52 Same origin violation: frame calling top.focus()
MFSA 2005-51 The return of frame-injection spoofing
MFSA 2005-50 Possibly exploitable crash in InstallVersion.compareTo()
MFSA 2005-48 Same-origin violation with InstallTrigger callback
MFSA 2005-46 XBL scripts ran even when Javascript disabled
MFSA 2005-45 Content-generated event vulnerabilities
Support for Solaris SPARC and x86 is not available due to lack of a
precompiled binary at this point of time.
issues were fixed in this release:
MFSA 2005-44 Privilege escalation via non-DOM property overrides
MFSA 2005-43 "Wrapped" javascript: urls bypass security checks
MFSA 2005-42 Code execution via javascript: IconURL
Support for Solaris SPARC and x86 is not available due to lack of a
precompiled binary at this point of time.
make sure lib/mozilla-linux/plugins exists, even for binary packages.
Should fix moz-bin-* packages in bulk builds.
XXX: binary package still doesn't install quite a number of (empty)
directories that do get created with 'make install'.
not available yet but it includes security fixes for e.g. SA14821.
Support for Solaris SPARC and x86 is not available due to lack of a
precompiled binary at this point of time.
the following security issues were fixed:
MFSA 2005-29 Internationalized Domain Name (IDN) homograph spoofing
MFSA 2005-28 Unsafe /tmp/plugtmp directory exploitable to erase user's files
MFSA 2005-27 Plugins can be used to load privileged content
MFSA 2005-26 Cross-site scripting by dropping javascript: link on tab
MFSA 2005-25 Image drag and drop executable spoofing
MFSA 2005-24 HTTP auth prompt tab spoofing
MFSA 2005-23 Download dialog source spoofing
MFSA 2005-21 Overwrite arbitrary files downloading .lnk twice
MFSA 2005-20 XSLT can include stylesheets from arbitrary hosts
MFSA 2005-18 Memory overwrite in string library
MFSA 2005-17 Install source spoofing with user:pass@host
MFSA 2005-16 Spoofing download and security dialogs with overlapping windows
MFSA 2005-15 Heap overflow possible in UTF8 to Unicode conversion
MFSA 2005-14 SSL "secure site" indicator spoofing
MFSA 2005-13 Window Injection Spoofing
Support for Solaris SPARC and x86 is not available due to lack of a
precompiled binary at this point of time.
Mozilla 1.7.3 is a security update to Mozilla 1.7 that fixes several
security vulnerabilities.
#93 "Send page" heap overrun (258005)
#92 javascript clipboard access (257523)
#91 Privilege request confusion (253942)
#90 Buffer overflow when displaying VCard (257314)
#89 BMP integer overflow (255067)
#88 javascript: link dragging (250862)
#87 non-ascii hostname heap overrun (256316)
#86 Malicious POP3 server III (245066, 226669)
#85 Wrong file permissions after installing on Linux (231083, 235781)
#84 Wrong file permissions in linux archive (254303)
See the page below for details
http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3
- lock icon and certificate spoof with onunload document.write
(Bugzilla#253121)
- Malicious certificates can permanently break HTTPS/SSL (Bugzilla#249004)
Support for Solaris x86 is not available due to lack of a precompiled
binary at this point of time.
The full list of changes can be found at:
http://www.mozilla.org/releases/mozilla1.7/README.html
Major browser changes since 1.6:
* A new option to prevent sites from using JavaScript to block the
browser's context menu.
* A new set of icons for files that are associated with Mozilla on
Windows.
* Password Manager has a "show passwords" mode which will display
saved passwords. You will need to enter your master password if
you are using one.
* The "Set As Wallpaper" feature now has a confirmation dialog.
* Linux GTK2 builds have improved support for OS themes.
* Cookie dialogs have been reworked to make them more usable.
* Date handling, especially on OS X, has been improved.
* It is now possible to fine-tune Mozilla's pop-up blocking using
two preferences (dom.popup_maximum and dom.popup_allowed_events)
but there's no UI for that yet. Even without a UI, users should
notice a greater variety of pop-ups blocked (primarily mouseover
pop-ups) and a limit of 20 or so open at one time - regardless of
whether pop-up blocking is active. This will provide some protection
from sites that open hundreds of windows in a loop.
* Downloaded files are now moved to the target directory as soon
as the user selects the desired location. This was the frequently
reported bug 55690.
* There is now a user interface to activate Smooth Scrolling (Preferences
-> Appearance).
* Mozilla now supports basic FTP upload.
changes since 1.5:
* One of the most requested Mozilla Mail features, an option to
separate the Recipient and Sender columns in the thread pane, has been
implemented.
* Another frequently requested MailNews feature, a preference for
placing the user's signature above the quoted text, has been added.
* "Remove from server after x days" has been implemented for POP3 mail
accounts.
* vCard support has been added to Mozilla Mail.
* Mozilla 1.6 includes a new cross-platform NTLM authentication
mechanism. This feature brings NTLM authentication to the non-Windows
Mozilla users for the first time and also delivers more robust and
featureful NTLM support to users of older Windows versions.
* Ask Jeeves searching has been added to Mozilla 1.6.
* "Translate Page" functionality has returned to this release of Mozilla.
* The View Source window now has reload functionality.
* Several security-related bugs were fixed in 1.6
* Chatzilla 0.9.48 has been merged, which adds RPL_ISUPPORT support,
halfop mode support, and properly masks key and password dialogs.
* Many crash bugs have been fixed.
* One step closer to the kitchen sink, about:about has been
implemented. Typing about:about in the address field will give the
user a nice list of available about:s.
* The opacity implementation was completely revamped to properly
change the opacity of all descendants as a group.
* CSS inheritance has been updated to work per CSS2.1 (computed values
are inherited).
mozilla-bin/Makefile.common and mozilla-bin-nightly/Makefile.common.
the result is much less duplication and more consistent installations.
tested on NetBSD-current only (for now).