離Firefox 2.0.0.11約2個月，Firefox更新版本Firefox 2.0.0.12的正式版在美國時間2月7日正式開放下載，這次修正了跨站,網址重導等安全性問題，以及記憶體洩露導致的當機。

官方強烈建議所有用戶也更新到Firefox 2.0.0.12，使用Windows平台的用戶，可以點選Mozilla方面釋出的Firefox 2.0.0.12 繁體中文正式版下載連結，這也是目前官方推薦給Windows平台的最主要Firefox瀏覽器版本。另外，Linux與Mac OS平台的版本也開放更新下載。

這次修正的安全性問題如下:

MFSA 2008-11 Web forgery overwrite with div overlay
MFSA 2008-10 URL token stealing via stylesheet redirect
MFSA 2008-09 Mishandling of locally-saved plain text files
MFSA 2008-08 File action dialog tampering
MFSA 2008-06 Web browsing history and forward navigation stealing
MFSA 2008-05 Directory traversal via chrome: URI
MFSA 2008-04 Stored password corruption
MFSA 2008-03 Privilege escalation, XSS, Remote Code Execution
MFSA 2008-02 Multiple file input focus stealing vulnerabilities
MFSA 2008-01 Crashes with evidence of memory corruption (rv:1.8.1.12)

版本 2.0.0.12+2nobinonly+2-0ubuntu1：

  [ Alexander Sack ]
  * New stability upstream release (v2.0.0.12)
  * MFSA 2008-01 aka CVE-2008-0412: Crashes with evidence of memory corruption
    v1.8.1.12 (Browser crashes)
  * MFSA 2008-01 aka CVE-2008-0413: Crashes with evidence of memory corruption
    v1.8.1.12 (javascript crashes)
  * MFSA 2008-02 aka CVE-2008-0414: Multiple file input focus stealing
    vulnerabilities: 1. Focus shifting bugs and 2. Selective keystroke
    blocking bugs
  * MFSA 2008-03 aka CVE-2008-0415: Privilege escalation, XSS, Remote Code
    Execution (JavaScript privilege escalation bugs)
  * MFSA 2008-04 aka CVE-2008-0416: Multiple XSS vulnerabilities from
    character encoding
  * MFSA 2008-05 aka CVE-2008-0417: Stored password corruption
  * MFSA 2008-06 aka CVE-2008-0418: Directory traversal via chrome: URI
  * MFSA 2008-07 aka CVE-2008-0419: Web browsing history and forward
    navigation
    stealing
  * MFSA 2008-08 aka CVE-2008-0420: Possible information disclosure in BMP
    decoder
  * MFSA 2008-09 aka CVE-2008-0591: File action dialog tampering
  * MFSA 2008-10 aka CVE-2008-0592: Mishandling of locally-saved plain text
    files
  * MFSA 2008-11 aka CVE-2008-0593: URL token stealing via stylesheet redirect
  * MFSA 2008-12 aka CVE-2008-0594: Web forgery overwrite with div overlay
  * updated diverged patches
    - debian/patches/ubuntu-look-and-feel-patch.patch
    - debian/patches/configure-autoconf2-13-reconfigure.patch
    - debian/patches/series
  * remove patches applied upstream
    - debian/patches/bz391028_att284556.patch

由 ivan 發表於 7:06 PM | 文章分類: 數位科技, software, www | 標籤列表: firefox, 瀏覽器

迴響留言 | 引用列表 | 友善列印
« 暖暖的羊毛被 | 優格網首頁 | 祝福全球農曆新年快樂 »

迴響留言
尚無迴響

張貼迴響:

名稱
電子郵件
網址
記住我?

引用列表
本篇文章引用網址: http://yblog.org/api/trackback/?id=7995
沒有引用

訪客來源網址(外部):

• http://moto.debian.org.tw/ (41)
• http://www.google.com/reader/view/ (10)
• http://moto.debian.org.tw/index.php (6)
• http://search.live.com/...&form=livsop (5)
• http://image.yodao.com/ (5)
• http://www.google.com.tw/ig (3)
• http://blog.roodo.com/rasheed/ (3)
• http://portable.easylife.idv.tw/ (3)
• http://www.gomy.com.tw/...ffiliate_id=4559 (3)
• http://www.google.com/ig (2)