Firefox v1.5.0.2 est sorti ! Il n’est pas encore annoncé officiellement mais il est déjà là. Installation sans problèmes, aucun problème d’extensions. Il n’est disponible qu’en anglais mais les traductions ne devraient pas tarder à émerger.

Change Log

  • Universal Binary support for Mac OS X which provides native support for Intel-based Macintosh computers. Firefox supports the enhancements to performance introduced by the new Mac Intel chipsets.
  • Improvements to product stability.
  • Several security fixes.

Si vous avez trouvé une faute d’orthographe, veuillez nous en informer en sélectionnant le texte en question et en appuyant sur Ctrl + Entrée .

Articles en rapport:

Matt
Author

Matt est formateur, développeur expert WordPress et WooCommerce, et administrateur réseau chez Codeable.

2 Comments

  1. Matt
    Matt Reply

    Un conseil, mettez à jour si cela ne se fait pas automatiquement ! Voici la liste des failles et bugs corrigés :

    Multiple vulnerabilities have been identified in Mozilla Firefox, Mozilla Suite, SeaMonkey, and Thunderbird, which may be exploited by remote attackers to take complete control of an affected system, bypass security restrictions, or disclose sensitive information.

    The first issue is due to errors when handling JavaScript code that uses a modal alert to suspend an event handler while a new page is being loaded, which could be exploited by attackers to conduct cross domain scripting attacks and read cookies or arbitrary data from another domain via a malicious web page or email message.

    The second flaw is due to memory corruption errors in the JavaScript engine that fails to properly protect certain temporary variables during garbage collection, which could be exploited by malicious web sites to execute arbitrary commands.

    The third vulnerability is due to a memory corruption error in the CSS border-rendering code, which could be exploited by attackers to crash a vulnerable application or execute arbitrary commands.

    The fourth flaw is due to a memory corruption error in the JavaScript engine when handling overly large regular expressions, which could be exploited by malicious web sites to crash a vulnerable application or execute arbitrary commands.

    The fifth issue is due to errors when programmatically changing the « -moz-grid » and « -moz-grid-group » display styles, which could be exploited by malicious web sites to execute arbitrary commands.

    The sixth flaw is due to a memory corruption error when handling a specially crafted « InstallTrigger.install() » method, which could be exploited by malicious web sites to crash a vulnerable application or execute arbitrary commands.

    The seventh issue is due to an error when loading a secure site in a pop-up window then changing its location to a different site, which could be exploited by malicious web sites to spoof the browser’s secure-site indicators (the lock icon, the site name in the URL field, the gold URL field background in Firefox).

    The eighth vulnerability is due to an error when processing a web page that layers a transparent image link to an executable on top of a visible image, which could be exploited by attackers to right-click and choose « Save image as… » from the context menu and download a malicious executable masqueraded as a safe image file.

    The ninth flaw is due to an error when handling JavaScript functions created using the eval associated with methods of an XBL binding, which could be exploited by attackers to execute arbitrary code with the full permission of the user running a vulnerable application.

    The tenth issue is due to an error where the « clone parent » function object is accessible via the « Object.watch() » method, which could be exploited by attackers to compromise a vulnerable system.

    The eleventh is due to an error where the compilation scope of privileged built-in XBL bindings is accessible via « valueOf.call() » and « valueOf.apply() » or via an XBL method inserted into the DOM’s « document.body prototype » chain, which could be exploited by attackers to compromise a vulnerable system.

    The twelfth vulnerability is due to an origin validation error when processing the « window.controllers » array, which could be exploited by attackers to conduct cross domain scripting attacks and read cookies or arbitrary data from another domain via a malicious web page.

    The thirteenth flaw is due to a memory corruption error when handling malformed HTML tags, which could be exploited by malicious web sites to compromise a vulnerable system.

    The fourteenth issue is due to an origin validation error when processing the « .valueOf.call() » and « .valueOf.apply() » functions, which could be exploited by attackers to conduct cross domain scripting attacks and read cookies or arbitrary data from another domain via a malicious web page.

    The fifteenth vulnerability is due memory corruption errors when processing malformed DHTML tags, which could be exploited by malicious web sites to compromise a vulnerable system.

    The sixteenth flaw is due to a heap overflow error when handling a specially crafted CSS « letter-spacing » property, which could be exploited by remote attackers to execute arbitrary commands via a malicious web page.

    The seventeenth issue is due to an error when handling a specially crafted text input box, which could be exploited by malicious web sites to gain access to arbitrary files on a vulnerable system.

    The eighteenth flaw is due to an error when processing a specially crafted « crypto.generateCRMFRequest » method, which could be exploited by malicious web sites to compromise a vulnerable system.

    The nineteenth vulnerability is due to an error when a web page containing specially crafted scripts in an XBL control is viewed under « Print Preview », which could be exploited by malicious web sites to gain chrome privileges and execute arbitrary commands.

    The twentieth flaw is due to an error when handling specially crafted « setTimeout() » and « ForEach » functions, which could be exploited by attackers to bypass security checks in « js_ValueToFunctionObject() » and execute arbitrary commands.

    The twenty-first flaw is due to an error in the interaction between XUL content windows and the new faster history mechanism, which could be exploited by malicious web sites to conduct spoofing attacks.

    The twenty-second vulnerability is due to an error in Thunderbird that fails to properly restrict access to remote content referenced by an HTML mail message, which could be exploited by attackers to determine valid email addresses or disclose sensitive information.

    Affected Products

    Mozilla Firefox versions prior 1.5.0.2
    Mozilla Firefox versions prior to 1.0.8
    Mozilla Suite versions prior to 1.7.13
    SeaMonkey versions prior to 1.0.1
    Thunderbird versions prior to 1.5.0.2
    Thunderbird versions prior to 1.0.8

    Solution

    Upgrade to Firefox 1.5.0.2 or 1.0.8 :
    https://www.mozilla.org/en-US/firefox/new/

    Upgrade to Mozilla Suite 1.7.13 :
    https://www.mozilla.org/en-US/firefox/products/

    Upgrade to SeaMonkey 1.0.1 :
    http://www.seamonkey-project.org/

    Upgrade to Thunderbird 1.5.0.2 or 1.0.8 :
    https://www.mozilla.org/en-US/thunderbird/

Écrire un commentaire

Rapport de faute d’orthographe

Le texte suivant sera envoyé à nos rédacteurs :