Among the changes are several fixes preventing spoofing and arbitrary code execution (IDNs, or internationalized domain names, are now displayed as "punycode" in the address bar to prevent URL spoofing).
Quote
Last updated February 24, 2005.
Most of the changes in Firefox 1.0.1 were security fixes and stability fixes.
Security hole fixes
* 22183 - Display hostname in title bar when address bar is hidden, to reduce the impact of the fact that web sites are allowed to spoof address bars.
* 260560 - Security and download dialogs can be spoofed by covering them partially using popup windows.
* 262887 - Secunia background tab security issues (SA12712).
* 273699 - 2 Frame Injection Vulnerabilities (popup blocking race condition & onunload event mis-firing).
* 275417 - Download dialog source spoofing (SA13599).
* 279945 - Image drag and drop allows to create executable files.
* 280056 - When dropping a javascript link to a tab, the script runs in the security context of the site currently displayed in the tab.
* 280603 - "New Updates Avail" popup in bottom right-hand corner pops up endlessly / excessive hits on update service.
* 280664 - Using Flash and the -moz-opacity filter you can get access to about:config and make the user silently change values.
* 282270 - Display IDN URLs as punycode by default (controlled by a hidden pref).
Link: http://www.mozilla.o...irefox/all.html










