Mozilla Firefox 1.5.0.4 Released

WebKnowHow
Friday, June 2, 2006; 04:25 AM

Firefox 1.5.0.4 is a security update that is part of an ongoing program to provide a safe Internet experience for Firefox users. The development team recommends that all users upgrade to this latest version.

The new release improves overall stability and addresses the following security issues (some of which are rated as "critical"):

-Privilege escalation using addSelectionListener
-Web site XSS using BOM on UTF-8 pages
-File stealing by changing input type (variant)
-"View Image" local resource linking (Windows)
-Buffer overflow in crypto.signText()
-Remote compromise via content-defined setter on object prototypes
-PLUGINSPAGE privileged JavaScript execution 2
-Privilege escalation through XUL persist
-XSS viewing javascript: frames or images from context menu
-HTTP response smuggling
-Fixes for crashes with potential memory corruption
-EvalInSandbox escape (Proxy Autoconfig, Greasemonkey)

A "critical" vulnerability can be used to run attacker code and install software, requiring no user interaction beyond normal browsing.