Firefox 1.0.1 out, takes care of most security bugs
The first update to FireFox is out. Firefox 1.0.1 aims to fix a slew of vulnerabilities. Foremost among those are domain-spoofing and cross-site scripting bugs. 1.0.1's release was pushed forward in order to take care of the International Domain Name bug. That particular bug results from Firefox's implement of the IDN specification which allows the use of non-English characters in URL names. The IDN issue is not unique to Firefox, as it also affects Opera, Safari, and OmniWeb — but not Internet Explorer.
Also fixed is another bug that enables web sites to force content into another site's window if the target name of the window is known.
This other bug could result in a malicious Web site spoofing the content of a pop-up window opened from the second site. The Mozilla Foundation is working with Sun to fix the Java spoof and is collaborating with Opera and Safari to find a solution to the cookie-injection bug.
A new problem that is affecting multiple users is Firefox 1.0.1 crashing when a user types a query into a search bar. It seems to affect most those people who installed 1.0.1 on top of 1.0. One solution is uninstalling 1.0 and then installing 1.0.1, and according to Bugzilla, that bug has since been fixed.
Here is a summary of Chris Charlton about what's new in Firefox 1.0.1:
- Improved stability
- International Domain Names are now displayed as punycode. (To show International Domain Names in Unicode, set the "network.IDN_show_punycode" preference to false.)
- Several security fixes.
These Release Notes cover what's new, download and installation instructions, known issues and frequently asked questions for the Firefox 1.0 release. Please read these notes and the bug filing instructions before reporting any bugs to Bugzilla.
Comments
Be the first to write a comment
You must me logged in to write a comment.