Firefox 1.0.1

New version of Firefox available. Upgrade to version 1.0.1 to fix security risks.

Firefox Security Update

Firefox version 1.0.1 has been released as a security update. The new version also has improved stability.

Security Fixes

This release addresses the following security issues.

• Internationalized Domain Name (IDN) homograph spoofing
  
• Unsafe /tmp/plugtmp directory exploitable to erase user's files
  
• Plugins can be used to load privileged content
  
• Cross-site scripting by dropping javascript: link on tab
  
• Image drag and drop executable spoofing
  
• HTTP auth prompt tab spoofing
  
• Download dialog source spoofing
  
• Download dialog spoofing using Content-Disposition header
  
• Overwrite arbitrary files downloading .lnk twice
  
• XSLT can include stylesheets from arbitrary hosts
  
• Autocomplete data leak
  
• Memory overwrite in string library
  
• Install source spoofing with user:pass@host
  
• Spoofing download and security dialogs with overlapping windows
  
• Heap overflow possible in UTF8 to Unicode conversion
  
• SSL "secure site" indicator spoofing
  
• Window Injection Spoofing

Download Firefox 1.0.1

Get the new version of firefox at: http://www.mozilla.org/products/firefox/