Also fixed is another bug that enables web sites to force content into another site's window if the target name of the window is known.
This other bug could result in a malicious Web site spoofing the content of a pop-up window opened from the second site. The Mozilla Foundation is working with Sun to fix the Java spoof and is collaborating with Opera and Safari to find a solution to the cookie-injection bug.
A new problem that is affecting multiple users is Firefox 1.0.1 crashing when a user types a query into a search bar. It seems to affect most those people who installed 1.0.1 on top of 1.0. One solution is uninstalling 1.0 and then installing 1.0.1, and according to Bugzilla, that bug has since been fixed.
Here is a summary of Chris Charlton about what's new in Firefox 1.0.1:
- Improved stability
- International Domain Names are now displayed as punycode. (To show International Domain Names in Unicode, set the "network.IDN_show_punycode" preference to false.)
- Several security fixes.
These Release Notes cover what's new, download and installation instructions, known issues and frequently asked questions for the Firefox 1.0 release. Please read these notes and the bug filing instructions before reporting any bugs to Bugzilla.
Firefox 1.0.1 aims to fix a slew of vulnerabilities. Foremost among those are domain-spoofing and cross-site scripting bugs. According to the Mozilla Foundation, 1.0.1's release was pushed forward in order to take care of the International Domain Name bug. That particular bug results from Firefox's implement of the IDN specification which allows the use of non-English characters in URL names. So substituting the "a" in amazon.com with а will result in Firefox displaying "аmazon.com" in the address bar, while directing users to an entirely different site. The IDN issue is not unique to Firefox, as it also affects Opera, Safari, and OmniWeb — but not Internet Explorer.
Also fixed is another bug that enables web sites to force content into another site's window if the target name of the window is known. This could result in a malicious Web site spoofing the content of a pop-up window opened from the second site. Left unpatched for now are a Java plug-in tab spoof which can occur when opening untrusted sites in a new tab, and a cross-domain cookie-injection bug. The Mozilla Foundation is working with Sun to fix the Java spoof and is collaborating with Opera and Safari to find a solution to the cookie-injection bug.
Based on the reactions of some early adopters, 1.0.1 could have used a little more quality assurance testing before its release. The primary problem that is affecting multiple users is Firefox 1.0.1 crashing when a user types a query into a search bar, a rather irritating bug that should have been caught. It seems to affect most those people who installed 1.0.1 on top of 1.0. One solution is uninstalling 1.0 and then installing 1.0.1, and according to Bugzilla, that bug has since been fixed.
Since its 1.0 release last fall, Firefox has been downloaded over 25 million times and has made some significant market share gains against Internet Explorer. With increased market share will come increased attention, not only from users and the press, but from malware writers as well. Keeping quality updates coming to address security bugs in a timely fashion will go a long way towards maintaining the buzz and momentum.
No comments:
Post a Comment