Security Protection - Harry Waldron (CS)

Security Best Practices, Breaking News, & Updates

Mozilla Firefox - New 1.5.0.1 release addresses several security issues

All users should update to the latest version of Mozilla Firefox, which addresses several recently discovered security issues.

http://secunia.com/advisories/18700/ 

Summary of Security Issues Fixed

Description:  Multiple vulnerabilities have been reported in Firefox, which can be exploited by malicious people to bypass certain security restrictions, conduct cross-site scripting attacks, potentially disclose sensitive information, and potentially compromise a user's system.

1) Some errors in the JavaScript engine where certain temporary variables are not properly protected may be exploited to execute arbitrary code via a user-defined method triggering garbage collection.

2) An error in the dynamic style handling can be exploited to reference freed memory by changing the style of an element from "position:relative" to "position:static".

3) An error in the "QueryInterface" method of the Location and Navigator objects can be exploited to cause a memory corruption.

4) An input validation error in the processing of the attribute name when calling "XULDocument.persist()" can be exploited to inject arbitrary XML and JavaScript code in "localstore.rdf", which will be executed with the permissions of the browser the next time the browser starts up again.

5) Some integer overflows in the E4X, SVG, and Canvas functionalities may be exploited to execute arbitrary code.

6) A boundary error in the "nsExpatDriver::ParseBuffer()" function in the XML parser may be exploited to disclose data on the heap.

7) The internal "AnyName" object of the E4X functionality is not properly protected. This can be exploited to create a communication channel between two windows or frames having different domains.

Solution: 

Update to version 1.5.0.1.
http://www.mozilla.com/firefox/

Additional CVE References

CVE-2005-4134
CVE-2006-0292
CVE-2006-0293
CVE-2006-0294
CVE-2006-0295
CVE-2006-0296
CVE-2006-0297
CVE-2006-0298
CVE-2006-0299