Firefox 1.0.7 Fixes Several Critical Vulnerabilities; Recommended Upgrade

By Angsuman Chakraborty, Gaea News Network
Friday, September 23, 2005

Firefox 1.0.7 is a security and stability release. It is strongly recommended that all users upgrade to this latest version.

This version includes several security and stability fixes, including a fix for a reported buffer overflow vulnerability and a fix for a Linux shell command vulnerability. Details below.

Specific changes in Firefox 1.0.7

  • Fix for a potential buffer overflow vulnerability when loading a hostname with all soft-hyphens
  • Fix to prevent URLs passed from external programs from being parsed by the shell (Linux only)
  • Fix to prevent a crash when loading a Proxy Auto-Config (PAC) script that uses an “eval” statement
  • Fix to restore InstallTrigger.getVersion() for Extension authors
  • Other stability and security fixes

You can download Firefox 1.0.7 here.

The known issues are:

All Systems

* Prior to installing Firefox 1.0.7, please ensure that the directory you’ve chosen to install into is clean and doesn’t contain any previous Firefox installations.
* If you install Firefox on a multi-user system in an area in which there are restricted access privileges, you must run Firefox as a user with access to that location upon installation so that all initial startup files are generated. If this is not done, when a user without write access to the install location attempts to start Firefox, they will not have sufficient privileges to allow Firefox to generate the initial startup files it needs.
* When upgrading, all your Extensions and Themes will be disabled. This is not an issue, but it may appear to be one (hence its listing here). For rationale, see “Extension and Themes” above.
* Software Update does not request proxy authentication and will fail if you are behind a proxy server. (bug) The workaround is to visit a web page in the browser and log in to the proxy server and then perform Software Update.
* Software Update will not work if Firefox is installed to a location that you do not have write access to, since Software Update needs to replace or create files in this location.
* The Help documentation refers to “Single Window Mode” options regarding “Force links opened in new windows to open in [New Tab, Same Tab].” This function was disabled at the last minute due to problems we were experiencing with it, so ignore this section of Help. To re-enable the Single Window Mode options (at your own risk - there may be crashes), use the Configuration Console (accessed by entering “about:config” in the Location bar and pressing Enter) to set browser.tabs.showSingleWindowModePrefs to true.

Windows

* On Windows 2000 systems, some users may experience a crash on exit of the browser after viewing a page that calls the Windows Media Player 9 plug-in. If you experience this, make sure you are using the newest version of the Java plug-in, greater than Java 1.5. Older versions of the Java plug-in may conflict with Windows Media Player 9 in Firefox.
* When installing as a restricted access user on a shared machine into a location that you can write to, there may still be negative side effects (default browser/other keys not being set correctly). The browser should still function however. When installing as a restricted access user do not attempt to install over an installation in a restricted-access/shared location as this may destroy that installation.
* Firefox may hang when closing after viewing a PDF file in some older versions of the Adobe Acrobat Reader plug-in. If you experience this, make sure you are using the newest version of the plug-in.
* On Windows 98 and Windows ME systems, the Application icon may appear as a Windows icon.

Mac OS X

* Do NOT run Firefox from the Disk Image! Doing this will cause an infinite restart loop (the symptom of which is a Firefox icon that bounces briefly in the Dock then disappears and reappears, bounces and disappears, over and over). To break Firefox out of this loop, open a Terminal and type “killall firefox-bin” and press enter. Install Firefox to a location you have write access to and try again. When installing on a multi-user limited access system, install it into a shared location as administrator, run it once and then all users should be able to access it.
* If Firefox does not display a browser window, quit Firefox using Cmd+Q and open ~/Library/Application Support/Firefox/Profiles/.default/ and remove localstore.rdf. Restart Firefox. Any toolbar customizations you have made or window placement will be lost.

Linux and Unix systems

* If Firefox is installed to a location with spaces in the path, Firefox may not be able to set itself as Default browser and may keep prompting at startup. The workaround is to install into a path without spaces.
* GNOME integration does not work properly with Fedora Core 3. Users of Fedora Core 3 will need to download and install linc-1.0.3-3.1.i386.rpm. After installing the RPM, perform the following command in the directory you installed Firefox into (you will need write permission):

touch .autoreg

The next time you start Firefox, GNOME integration should be functional.

Web Page Rendering

* Firefox is powered by the same Gecko layout engine as other Mozilla software. If you encounter a problem with a website that does not correctly display then it is usually a problem with Gecko, not Firefox itself. Such problems should be reported in the Core product (not the Firefox product) in Bugzilla. If you are technically minded, try and create a reduced test case and this will help get your bug more attention.

For additional issues, FAQs, Tips and Tricks plus general Firefox help be sure to check out Firefox Help and the Firefox forums hosted by MozillaZine.

The Configuration Console (accessed by entering “about:config” in the Location bar and pressing Enter) gives advanced/experienced users direct control over Firefox’s preferences. This system is for use only by people who know what they are doing; by changing a value incorrectly you may damage or destroy your Firefox installation! Look to Help sites for handy preferences to tweak to customize Firefox further.

Hat-tip: James Huff @ MacManx

Discussion

Amr A. Asaad
October 28, 2006: 12:47 pm

JAVA SOFTWARE application is not working after installing Internet Explorer 7 ?
