internet apps/networking
07/12/2005, 5:45pm, EDT
Tuesday, July 12th
Firefox 1.05 update addresses security issues
Mozilla.org has released Firefox 1.05, which fixes several security vulnerabilities in the popular open-source browser. The update is recommended for all users: it brings improvements to stability as well as fixes a several security issues, including fixes for spoofing via XHTML/JavaScript, code execution through shared objects, execution of arbritrary code through browser by standalone applications, and more. [updated with correct security fixes]
Filed under: software
,
, 1
,
,
,
,
,

subscribe to comments
for this article
The KHTML engine that's the base of Webcore DOES seem to have an inherently safe design, and the way Dashboard works supports this assumption. So long as you disable "open safe files after downloading" Safari shouldn't be subject to the same kinds of failures as have been exposed in Firefox. If you want to use a Gecko-based browse, Camino doesn't use chrome (the XML-based UI framework) for its user interface and should be safer.
I'm still concerned about Apple's use of the same LaunchServices database for both web and local URI handling, and Apple's fix of using a dialog the first time LaunchServices is used for a new application is really inadequate, but the exposure from this is much less and in any case it's shared by all browsers I know of on either Mac or Windows.