Firefox 1.0.5 security update available.

Firefox 1.0.5 security update available at http://www.mozilla.org/products/firefox/

This should be the last of the 1.0 series updates before the release of the FF 1.1 major upgrade which will also provide for incremental updates (no more need to download the entire program for a minor tweak.)

Also available is the Thunderbird 1.0.5 email program security update at http://www.mozilla.org/products/thunderbird/



Fixed in Firefox 1.0.5
MFSA 2005-56 Code execution through shared function objects
MFSA 2005-55 XHTML node spoofing
MFSA 2005-54 Javascript prompt origin spoofing
MFSA 2005-53 Standalone applications can run arbitrary code through the browser
MFSA 2005-52 Same origin violation: frame calling top.focus()
MFSA 2005-51 The return of frame-injection spoofing
MFSA 2005-50 Possibly exploitable crash in InstallVersion.compareTo()
MFSA 2005-49 Script injection from Firefox sidebar panel using data:
MFSA 2005-48 Same-origin violation with InstallTrigger callback
MFSA 2005-47 Code execution via "Set as Wallpaper"
MFSA 2005-46 XBL scripts ran even when Javascript disabled
MFSA 2005-45 Content-generated event vulnerabilities

Fixed in Thunderbird 1.0.5
MFSA 2005-56 Code execution through shared function objects
MFSA 2005-55 XHTML node spoofing
MFSA 2005-52 Same origin violation: frame calling top.focus()
MFSA 2005-50 Possibly exploitable crash in InstallVersion.compareTo()
MFSA 2005-46 XBL scripts ran even when Javascript disabled
MFSA 2005-44 Privilege escalation via non-DOM property overrides
MFSA 2005-41 Privilege escalation via DOM property overrides
MFSA 2005-40 Missing Install object instance checks
MFSA 2005-33 Javascript "lambda" replace exposes memory contents

 

Thanks, I had been meaning to get around to posting that info.
Goes to show the power of open source software when a fix, due to a “not a security issue†incompatibility with the Enigmail extension, can come almost immediately. (Enigmail is an encryption/decrypt and sign/authenticate program)

In related news -
Mozilla Firefox 1.1 has been delayed. The new release is due in September.

"What we have been doing is better than initially planned, so instead of calling it 1.1, we think it deserves the name of 1.5" Features such as the new software update functionality and the improved extensions system were not originally intended for inclusion in the forthcoming release. In addition, Gecko has received numerous enhancements since the Firefox 1.0 branch was created and now includes support for technologies like .
http://www.mozillazine.org/

 

WoW, a decade old? (Just a slight exaggeration on your part. :wink: )
Apple Safari web browser programers just got started on SVG last month.

SVG is . . . </span>
XML Graphics for the Web:
Web-based applications are increasing in popularity. Developers are often limited by browser incompatibilities and missing functionality. With powerful scripting and event support, SVG can be used as a platform upon which to build graphically rich applications and user interfaces.
[Unlike Micromedia’s Flash, with] SVG, the application developer gets to use a collection of open standards. They are not tied to one particular implementation, vendor or authoring tool.

Mobile:
In 2001 the mobile phone industry chose SVG as the basis for its graphics platform.

Print:
Leading print hardware companies are currently developing the SVG Print specification: a version of SVG specifically suited to hard-copy output. . . . similar to Postscript and PDF, a final-form archiving format and variable data printing, where the information is provided by a database and output using a graphical SVG template. SVG provides identical online and hardcopy display.

Design and Interchange: [CAD/CAM]
SVG is well suited to the high-end graphical design market common in the Aerospace, Transportation, Automotive and Telecommunication industries. The extensibility of XML allows SVG diagrams to have embedded metadata in proprietary formats without affecting the presentation.

GIS and Mapping:
Geographic Information Systems have very specific requirements: rich graphics features, support for vector and raster content and the ability to handle a very large amount of data. SVG is well-suited to this market and many GIS systems provide SVG export.
[If you think Google Earth is cool, just wait till it is done in SVG!!!]<span style=\'color:green\'>

Embedded Systems:
Most embedded systems have severe resource limitations, including smaller screens, limited memory and reduced processing capability compared to typical desktop systems. The SVG Mobile specification was designed for such devices and allows for the development of graphical user interfaces for embedded systems. In its support for input events and scripting, devices can use an SVG front end for control and monitoring, such as a control system for industrial devices. [/color]

http://www.w3.org/Graphics/SVG/About.html
http://www.w3.org/Graphics/SVG/

This isn't your father's Flash, but you are right NuShrike, ease of authoring in SVG is an unknown to me too.