Mozilla Firefox 1.5.0.2

By Copernic
in Back Page News

 Share

Recommended Posts

Mentor

Raven

Posted
Posted

This was great. I got a message box informing me of the already installed update and to restart Firefox. These guy (and gals) have come a long way to make the best browser on the market (IMHO). MS might as well buy Mozilla 'cause that's the only way they'll have a decent browser.

Grand Master

Farstrider

Posted
Posted

Firefox 1.5.0.2 Fixes 21 Vulnerabilities

The Mozilla Foundation released an update to fix 21 security vulnerabilities in their Web browser, Firefox 1.5 for Windows, Linux, and Mac. If one of your users visits a malicious Web page, an attacker could exploit the worst of these vulnerabilities to execute code on that user's computer, with that user's privileges, possibly gaining complete control of the computer. If you use Firefox on any platform, you should download and deploy version 1.5.0.2 as soon as possible.

The Mozilla Foundation released Firefox 1.5.0.2, fixing 21 security vulnerabilities, as well as a few other stability issues, in the popular Web browser. Many of these vulnerabilities could allow a remote attacker to execute arbitrary code on your users' computers. We highlight three of the more worrisome flaws below:

An integer overflow in CSS Letter-Spacing. Firefox's CSS Letter-Spacing property suffers from an integer overflow vulnerability. By enticing one of your users to a malicious Web page, an attacker could exploit one of these integer overflows to execute code on that user's computer with the user's privileges. If you give your users local administrative privileges, an attacker could potentially exploit this flaw to gain control of their system.

Code execution vulnerability in particular JavaScript method. A flaw in a particular JavaScript method (called crypto.generateCRMFRequest) allows remote attackers to execute code on one of your user's machines with that user's privileges. However, like the flaw above, the attacker would first have to entice his victim to a malicious Web page for this attack to succeed.

Flaws in DHTML handling may allow code execution. Firefox suffers from several security vulnerabilities and crash bugs involving the way it handles DHTML Web content. Some of these vulnerabilities could allow attackers to execute code on your users' computers with their privileges. Like both flaws above, the hacker would have to entice your users to a malicious Web page in order to exploit these flaws.

These three flaws alone should convince you to update your Firefox users as soon as possible. However, if you'd like to know more about the remaining vulnerabilities, check out Firefox's known issues page.

Mozilla has updated Firefox to version 1.5.0.2 in order to correct these security vulnerabilities. If you use Firefox in your network, download and deploy version 1.5.02 as soon as possible.

Windows

Mac OS X

These attacks arrive as normal-looking HTTP traffic, which you need to allow through your firewall so your end users can access the World Wide Web. Therefore, the patches above are your best solution.

Thought that this may help anyone looking for help or downloads!

Rookie

Jzilla

Posted
Posted

Firefox 1.5.0.2 Fixes 21 Vulnerabilities

It is Firefox 1.0.8 that has 21 or rather 18 Vulnerabilities fixed, NOT Firefox 1.5.0.2 as it only actually has 7 vulnerabilities fixed. http://www.mozilla.org/projects/security/k...rabilities.html

https://www.neowin.net/index.php?act=view&id=32838&cid=451400

Most of those advisories don't affect 1.5.0.1. The ones at the start say they affect Firefox before 1.5.0.2; the rest say they affect Firefox before 1.5 when in fact only 7 fixes are featured in 1.5.0.2 compared to a whopping 18 in 1.0.8.

By the way for Firefox 1.0.8 unlike what they planned in the past they decided that 1.0.8 will be the last of the old Aviary1.0.1 Branch releases unless something comes up to warrant a 1.0.9

Neowinian

RabbiDreed

Posted
Posted

Glad to say that it does fix a few of them.

  • Memory leaks
    • 321283 - Using Find causes documents to leak.
    • 323532 - Leak when using history autocomplete.
    • 323377 - Lots of leaks in nsInternetSearchService.

Yet it may have introduced a whole new BIGGER memory leak...

I've had to regress to 1.5.0.1 to avoid it crashing. The memory footpront is usually between 100MB and 250MB even with just 1 tab open! When it happens I can't even kill the process! I can't even shut down! Has to be a hard power off...

Just compliling some more evidence on another machine to submit a bug.

This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.

  • Posts

    • Apple reluctantly forces strict new age checks on Texas users starting today

      By zikalify · Posted

      Apple reluctantly forces strict new age checks on Texas users starting today by Paul Hill Apple will begin enforcing the Texas Age Assurance Law (SB 2420) following a recent court ruling that lifted an injunction on SB 2420. Starting June 4 (today), Apple will enforce strict age-verification and parental-consent rules for new Apple accounts created in Texas. This move will affect children under 18 who go to download apps or attempt to make in-app purchases. Apple previously expressed privacy concerns related to this law, but compliance is now mandatory for the company, nevertheless. Apple will use several APIs to follow the law. Principally, the Declared Age Range API will fetch the specific user age bracket (Under 13, 13-15, 16-17, or 18+) and a verification method. The Significant Change API (PermissionKit) will trigger a system dialog for parental consent if an app gets a major update or an age-rating shift. There is also a new property type in StoreKit that allows developers to automatically check when their app’s age rating has changed on a user’s device and then use the Significant Change API to request parental consent. Finally, App Store Server Notifications can be configured to tell developers when a parent revokes consent, blocking app launches. To ensure they are ready for these changes, developers must immediately use Apple’s sandbox testing environment to validate these APIs in their apps. For any developers out there finding this to be inconvenient, get used to it. Other regions, such as Utah, Louisiana, and Brazil, are looking at, or have implemented, similar rules.
    • The official Funny Pictures thread

      By +Edouard · Posted

    • Microsoft OneDrive is getting a simple yet much needed feature

      By Chay Meredith · Posted

      They should show the onedrive recycle bin in a searchable manner and on app not just on the website
    • Crystal Dynamics pushes Tomb Raider remake to 2027, showcases fresh Unreal Engine 5 gameplay

      By PeterTHX · Posted

      You looking at a phone or something? On my 4K HDR monitor it is frikking spectacular.
    • New Surface Pro with Qualcomm Snapdragon X2 leaks ahead of announcement

      By MrElectrifyer · Posted

      The Surface Pro 7+ already has a USB C port which can be used for everything you mentioned, except for eGPUs. Meanwhile, microsoft have gotten rid of ALL of the following that are present in the Surface Pro 7+:

  • Recent Achievements

    • One Month Later
      nothanks earned a badge
      One Month Later
    • One Month Later
      B2Proxy earned a badge
      One Month Later
    • One Year In
      MadMung0 earned a badge
      One Year In
    • Week One Done
      jefred earned a badge
      Week One Done
    • Apprentice
      JoeyNeo went up a rank
      Apprentice

  • Popular Contributors

    1. 1
      +primortal
      484
    2. 2
      PsYcHoKiLLa
      230
    3. 3
      Skyfrog
      72
    4. 4
      FloatingFatMan
      60
    5. 5
      Nick H.
      54
    Show More

  • Tell a friend

    Love Neowin? Tell a friend!