Firefox 1.0.1 Available - Fixes Security Issues

Firefox 1.0.1 update

The Mozilla Foundation released on Thursday an update to the Firefox Web browser to fix several vulnerabilities, including one that would allow domain spoofing.

 

Thanks for the heads up, Dennis.

Anyone using Firefox 1.0 or older, this is a must do update for security purposes. Be sure to read the Release Notes, for further information.

Before installing:
Uninstall Firefox 1.0 first, delete the Program Files folder for Firefox, then reboot your PC. This is a Version update, and not a patch...

Uninstalling Firefox, and deleting the Program Files folder will have no effect on your Profile, and it will remain intact.

The security fixes . . .

* 22183 - Display hostname in title bar when address bar is hidden, to reduce the impact of the fact that web sites are allowed to spoof address bars.
* 260560 - Security and download dialogs can be spoofed by covering them partially using popup windows.
* 262887 - Secunia background tab security issues (SA12712).
* 275417 - Download dialog source spoofing (SA13599).
* 279945 - Image drag and drop allows to create executable files.
* 280056 - When dropping a javascript link to a tab, the script runs in the security context of the site currently displayed in the tab.
* 280603 - "New Updates Avail" popup in bottom right-hand corner pops up endlessly / excessive hits on update service.
* 280664 - Using Flash and the -moz-opacity filter you can get access to about:config and make the user silently change values.
* 282270 - Display IDN URLs as punycode by default (controlled by a hidden pref).

Ramona

Edited to include Security Fixes