allindrome
Journeyman
Mozilla is an open-source Web browser, designed for standards compliance, performance and portability.
Mozilla is a cousin to Netscape Communicator that is being developed by the Free Software Community with the cooperation and support of Netscape.
What's New in This Release:
· Drag and drop loading of privileged XUL
· GIF heap overflow parsing Netscape extension 2
· Internationalized Domain Name (IDN) homograph spoofing
· Unsafe /tmp/plugtmp directory exploitable to erase user's files
· Plugins can be used to load privileged content
· Cross-site scripting by dropping javascript: link on tab
· Image drag and drop executable spoofing
· HTTP auth prompt tab spoofing
· Download dialog source spoofing
· Overwrite arbitrary files downloading .lnk twice
· XSLT can include stylesheets from arbitrary hosts
· Memory overwrite in string library
· Install source spoofing with userass@host
· Spoofing download and security dialogs with overlapping windows
· Heap overflow possible in UTF8 to Unicode conversion
· SSL "secure site" indicator spoofing
· Window Injection Spoofing
Download: *ftp.mozilla.org/pub/mozilla.org/mozilla/releases/mozilla1.7.6/mozilla-win32-1.7.6-installer.exe
Mozilla is a cousin to Netscape Communicator that is being developed by the Free Software Community with the cooperation and support of Netscape.
What's New in This Release:
· Drag and drop loading of privileged XUL
· GIF heap overflow parsing Netscape extension 2
· Internationalized Domain Name (IDN) homograph spoofing
· Unsafe /tmp/plugtmp directory exploitable to erase user's files
· Plugins can be used to load privileged content
· Cross-site scripting by dropping javascript: link on tab
· Image drag and drop executable spoofing
· HTTP auth prompt tab spoofing
· Download dialog source spoofing
· Overwrite arbitrary files downloading .lnk twice
· XSLT can include stylesheets from arbitrary hosts
· Memory overwrite in string library
· Install source spoofing with userass@host
· Spoofing download and security dialogs with overlapping windows
· Heap overflow possible in UTF8 to Unicode conversion
· SSL "secure site" indicator spoofing
· Window Injection Spoofing
Download: *ftp.mozilla.org/pub/mozilla.org/mozilla/releases/mozilla1.7.6/mozilla-win32-1.7.6-installer.exe