離Firefox 2.0.0.11約2個月,Firefox更新版本Firefox 2.0.0.12的正式版在美國時間2月7日正式開放下載,這次修正了跨站,網址重導等安全性問題,以及記憶體洩露導致的當機。
官方強烈建議所有用戶也更新到Firefox 2.0.0.12,使用Windows平台的用戶,可以點選Mozilla方面釋出的Firefox 2.0.0.12 繁體中文正式版下載連結,這也是目前官方推薦給Windows平台的最主要Firefox瀏覽器版本。另外,Linux與Mac OS平台的版本也開放更新下載。
這次修正的安全性問題如下:
MFSA 2008-11 Web forgery overwrite with div overlay
MFSA 2008-10 URL token stealing via stylesheet redirect
MFSA 2008-09 Mishandling of locally-saved plain text files
MFSA 2008-08 File action dialog tampering
MFSA 2008-06 Web browsing history and forward navigation stealing
MFSA 2008-05 Directory traversal via chrome: URI
MFSA 2008-04 Stored password corruption
MFSA 2008-03 Privilege escalation, XSS, Remote Code Execution
MFSA 2008-02 Multiple file input focus stealing vulnerabilities
MFSA 2008-01 Crashes with evidence of memory corruption (rv:1.8.1.12)
版本 2.0.0.12+2nobinonly+2-0ubuntu1:
[ Alexander Sack ]
* New stability upstream release (v2.0.0.12)
* MFSA 2008-01 aka CVE-2008-0412: Crashes with evidence of memory corruption
v1.8.1.12 (Browser crashes)
* MFSA 2008-01 aka CVE-2008-0413: Crashes with evidence of memory corruption
v1.8.1.12 (javascript crashes)
* MFSA 2008-02 aka CVE-2008-0414: Multiple file input focus stealing
vulnerabilities: 1. Focus shifting bugs and 2. Selective keystroke
blocking bugs
* MFSA 2008-03 aka CVE-2008-0415: Privilege escalation, XSS, Remote Code
Execution (JavaScript privilege escalation bugs)
* MFSA 2008-04 aka CVE-2008-0416: Multiple XSS vulnerabilities from
character encoding
* MFSA 2008-05 aka CVE-2008-0417: Stored password corruption
* MFSA 2008-06 aka CVE-2008-0418: Directory traversal via chrome: URI
* MFSA 2008-07 aka CVE-2008-0419: Web browsing history and forward
navigation
stealing
* MFSA 2008-08 aka CVE-2008-0420: Possible information disclosure in BMP
decoder
* MFSA 2008-09 aka CVE-2008-0591: File action dialog tampering
* MFSA 2008-10 aka CVE-2008-0592: Mishandling of locally-saved plain text
files
* MFSA 2008-11 aka CVE-2008-0593: URL token stealing via stylesheet redirect
* MFSA 2008-12 aka CVE-2008-0594: Web forgery overwrite with div overlay
* updated diverged patches
- debian/patches/ubuntu-look-and-feel-patch.patch
- debian/patches/configure-autoconf2-13-reconfigure.patch
- debian/patches/series
* remove patches applied upstream
- debian/patches/bz391028_att284556.patch
由 ivan 發表於 7:06 PM | 文章分類: 數位科技, software, www | 標籤列表: firefox, 瀏覽器
尚無迴響
本篇文章引用網址: http://yblog.org/api/trackback/?id=7995
沒有引用
- https://tw.search.yahoo.com/ (6)
- http://yblog.org (4)
- http://www.sogou.com/ (2)
- https://r.search.yahoo....h6dhkbprab0b8se- (1)
- http://tinyurl.com/ (1)
- https://r.search.yahoo....waqcqn.prgrwqzm- (1)
- http://r.search.yahoo.c...z2qkbjbv.ikfz4u- (1)
- http://tinyurl.com/ywndcq (1)
- http://teen.eurovids.us/ (1)
- http://www.sogou.com/so...9976712748&l (1)
- http://www.sogou.com/so...%b5%8f%e8%a7%88% (1)
- http://r.search.yahoo.c...tcz8dk2rab3ykom- (1)
- tinyurl.com/ywndcq (1)
- http://www.google.com.t...hiherlyaolxxvdje (1)
- http://r.search.yahoo.c...iss8ilrpcmiy0vu- (1)
« TwitterFox 1.4.3釋出,支援Firefox 3 | 優格網首頁 | 祝福全球農曆新年快樂 »