Oct
19
It doesn't seem that long since the last release of Firefox came out, but already there is a new version, 2.0.0.8. This new release consists of a fix in the Mac OS X version that improves compatibility with OS X Leopard (10.5) and in all versions there are the following fixes:
- URIs with invalid %-encoding mishandled by Windows
- XPCNativeWrapper pollution using Script object
- Possible file stealing through sftp protocol
- XUL pages can hide the window titlebar
- File input focus stealing vulnerability
- Browser digest authentication request splitting
- onUnload Tailgating
- Crashes with evidence of memory corruption (rv:1.8.1.8)
Interesting to see that the last item on the list (crashing with evidence of memory corruption) was also "fixed" in 2.0.0.5 - must be a problem they think they've fixed that won't go away. Another problem that isn't fixed in the release is one that has been fixed for ages now internally, and that is the computedStyle bug where it cannot return the background position of an element's style.
Link: Mozilla Firefox 2.0.0.8
