Mozilla has released Firefox 3.0.6, an update to its popular web browser. The company claims to have resolved several security issues, as well as stability problems which triggered crashes. Some security fixes include preventing people from changing a form input control's type during the restoration of a closed tab, which could be used in altering the input type to steal the content of a user’s local file. Also blocked is a Chrome XBL method that could be used with window.eval to execute JavaScript. Other minor fixes have been made to prevent cookies marked HTTPOnly from being read by JavaScript via XMLHttpRequest, and an issue with Firefox ignoring certain HTTP directives that could have resulted in users viewing improperly cached pages containing private data. Lastly, a problem that was supposed to have been solved in the previous update, involving people using local Internet shortcut files to access other sites, turns out to have had a bypass method involving redirection to a privileged about:URL. Mozilla now claims to have closed the loophole.
Firefox 3.0.6 is a free download from the Mozilla website.
Firefox 3.0.6 is a free download from the Mozilla website.
No comments:
Post a Comment