Firefox 1.0.1

New version of Firefox available. Upgrade to version 1.0.1 to fix security risks.

Firefox Security Update

Firefox version 1.0.1 has been released as a security update. The new version also has improved stability.

Security Fixes

This release addresses the following security issues.

  • Internationalized Domain Name (IDN) homograph spoofing
  • Unsafe /tmp/plugtmp directory exploitable to erase user's files
  • Plugins can be used to load privileged content
  • Cross-site scripting by dropping javascript: link on tab
  • Image drag and drop executable spoofing
  • HTTP auth prompt tab spoofing
  • Download dialog source spoofing
  • Download dialog spoofing using Content-Disposition header
  • Overwrite arbitrary files downloading .lnk twice
  • XSLT can include stylesheets from arbitrary hosts
  • Autocomplete data leak
  • Memory overwrite in string library
  • Install source spoofing with user:pass@host
  • Spoofing download and security dialogs with overlapping windows
  • Heap overflow possible in UTF8 to Unicode conversion
  • SSL "secure site" indicator spoofing
  • Window Injection Spoofing

Download Firefox 1.0.1

Get the new version of firefox at: http://www.mozilla.org/products/firefox/