Yblog = yourblog,你的優質部落格。願真田幸村紅鎧策馬赤備突擊的身影,帶給我們更多的勇氣。
星期五, 二月 8, 2008
Firefox 2.0.0.12正式版釋出

Firefox 2.0.0.11約2個月,Firefox更新版本Firefox 2.0.0.12的正式版在美國時間2月7日正式開放下載,這次修正了跨站,網址重導等安全性問題,以及記憶體洩露導致的當機。

官方強烈建議所有用戶也更新到Firefox 2.0.0.12,使用Windows平台的用戶,可以點選Mozilla方面釋出的Firefox 2.0.0.12 繁體中文正式版下載連結,這也是目前官方推薦給Windows平台的最主要Firefox瀏覽器版本。另外,LinuxMac OS平台的版本也開放更新下載。

這次修正的安全性問題如下:

MFSA 2008-11 Web forgery overwrite with div overlay
MFSA 2008-10 URL token stealing via stylesheet redirect
MFSA 2008-09 Mishandling of locally-saved plain text files
MFSA 2008-08 File action dialog tampering
MFSA 2008-06 Web browsing history and forward navigation stealing
MFSA 2008-05 Directory traversal via chrome: URI
MFSA 2008-04 Stored password corruption
MFSA 2008-03 Privilege escalation, XSS, Remote Code Execution
MFSA 2008-02 Multiple file input focus stealing vulnerabilities
MFSA 2008-01 Crashes with evidence of memory corruption (rv:1.8.1.12)

版本 2.0.0.12+2nobinonly+2-0ubuntu1:

  [ Alexander Sack ]
  * New stability upstream release (v2.0.0.12)
  * MFSA 2008-01 aka CVE-2008-0412: Crashes with evidence of memory corruption
    v1.8.1.12 (Browser crashes)
  * MFSA 2008-01 aka CVE-2008-0413: Crashes with evidence of memory corruption
    v1.8.1.12 (javascript crashes)
  * MFSA 2008-02 aka CVE-2008-0414: Multiple file input focus stealing
    vulnerabilities: 1. Focus shifting bugs and 2. Selective keystroke
    blocking bugs
  * MFSA 2008-03 aka CVE-2008-0415: Privilege escalation, XSS, Remote Code
    Execution (JavaScript privilege escalation bugs)
  * MFSA 2008-04 aka CVE-2008-0416: Multiple XSS vulnerabilities from
    character encoding
  * MFSA 2008-05 aka CVE-2008-0417: Stored password corruption
  * MFSA 2008-06 aka CVE-2008-0418: Directory traversal via chrome: URI
  * MFSA 2008-07 aka CVE-2008-0419: Web browsing history and forward
    navigation
    stealing
  * MFSA 2008-08 aka CVE-2008-0420: Possible information disclosure in BMP
    decoder
  * MFSA 2008-09 aka CVE-2008-0591: File action dialog tampering
  * MFSA 2008-10 aka CVE-2008-0592: Mishandling of locally-saved plain text
    files
  * MFSA 2008-11 aka CVE-2008-0593: URL token stealing via stylesheet redirect
  * MFSA 2008-12 aka CVE-2008-0594: Web forgery overwrite with div overlay
  * updated diverged patches
    - debian/patches/ubuntu-look-and-feel-patch.patch
    - debian/patches/configure-autoconf2-13-reconfigure.patch
    - debian/patches/series
  * remove patches applied upstream
    - debian/patches/bz391028_att284556.patch










Collablog Portal enabled