As reported yesterday afternoon:
The Mozilla Foundation today released updates to two of its main products, the Mozilla Suite and Firefox. This marks the third round of security fixes for Firefox, along with the seventh minor update to the 1.7 version of the Mozilla Suite. Security issues fixed in these new versions are listed on the Known Vulnerabilities page with detailed descriptions of each issue.
So I’ve updated – and added another few downloads to the counters. Man, I wonder what the real stats are for unique downloads. Oh well. We’ll see more details as web sites report unique visits by Firefox users. In the meantime, you can get you copy here.
The security fixes are as follows:
MFSA 2005-33 Javascript “lambda” replace exposes memory contents
MFSA 2005-34 javascript: PLUGINSPAGE code execution
MFSA 2005-35 Showing blocked javascript: popup uses wrong privilege context
MFSA 2005-36 Cross-site scripting through global scope pollution
MFSA 2005-37 Code execution through javascript: favicons
MFSA 2005-38 Search plugin cross-site scripting
MFSA 2005-39 Arbitrary code execution from Firefox sidebar panel II
MFSA 2005-40 Missing Install object instance checks
MFSA 2005-41 Privilege escalation via DOM property overrides
I don’t yet have the scoop on whether these bits include Asa’s “Popups Must Die” ad block improvements. I’ll double check and report later.
-CyclingRoo-
===Update===
The relevant string did not exist in about:config after install. So I added the following: privacy.popups.disable_from_plugins with a string value of 2 (it accepts 0,1,2, or 3). Things are blocked quite nicely now.