p2pnet.net News:- Mozilla has released a new version it says resolves several important security issues.

Among other things it, fixes "Internationalized Domain Name (IDN) homograph spoofing" which "could be used to construct perfect, indistinguishable phishing sites".

• MFSA 2005-29 Internationalized Domain Name (IDN) homograph spoofing
• MFSA 2005-28 Unsafe /tmp/plugtmp directory exploitable to erase user’s files
• MFSA 2005-27 Plugins can be used to load privileged content
• MFSA 2005-26 Cross-site scripting by dropping javascript: link on tab
• MFSA 2005-25 Image drag and drop executable spoofing
• MFSA 2005-24 HTTP auth prompt tab spoofing
• MFSA 2005-23 Download dialog source spoofing
• MFSA 2005-21 Overwrite arbitrary files downloading .lnk twice
• MFSA 2005-20 XSLT can include stylesheets from arbitrary hosts
• MFSA 2005-18 Memory overwrite in string library
• MFSA 2005-17 Install source spoofing with user:pass@host
• MFSA 2005-16 Spoofing download and security dialogs with overlapping windows
• MFSA 2005-15 Heap overflow possible in UTF8 to Unicode conversion
• MFSA 2005-14 SSL "secure site" indicator spoofing
• MFSA 2005-13 Window Injection Spoofing

It’s available here:

(Thanks, Francois)

Something you think we should know? tips[at]p2pnet.net

<—–Go ahead, make my data ! —->

This entry was posted on Tuesday, March 22nd, 2005 at 2:10 pm and is filed under Uncategorized. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

HOME

Viewed 1977 times