Technology news and Jobs 
Information Technology News Firefox 2.0.0.10 nears release
Information Technology News Firefox 2.0.0.10 nears release | Firefox 2.0.0.10 nears release |
|
|
|
| Written by Stephen Withers | |
| Thursday, 22 November 2007 | |
|
Firstly, Firefox's jar protocol handler will accept any zip format file, not just jar files. If an attacker is able to upload a zip file to a trusted site, a victim lured into downloading it will find that the contents of the zip file will run in the context of the trusted site, possibly allowing access to information stored on that site. This is being fixed by only allowing the jar scheme for files arriving with the application/java-archive MIME type. The second issue is if a zip archive is loaded via a redirect, Firefox currently runs it with the permissions applying to the initiating site, not the one actually delivering the file. These issues have been exploited to give the attacker see a user's stored Gmail contacts. Firefox 2.0.0.10 has reached the release candidate stage, and a test day is scheduled for this Friday, November 23. The test day will involve members of the Mozilla community performing systematic and ad-hoc tests of the release candidate, as well as its compatibility with extensions and with Flash and Java content. Assuming no major issues are found, Firefox 2.0.0.10 will arrive next week.
Get stories like this delivered daily - FREE - subscribe now When you subscribe get a 12 months license for LiveProject Valued at $99 USD  Download the FREE iTWire desktop alert widget
  |
Tags
| < Prev | Next > |
|---|
Subscribe to iTWire's daily e-newsletter now and get a FREE 12 month license to project management software valued at $99 USD. 
