Critical Flaws Patched in Firefox
Mozilla had released Firefox 1.5.0.5, which includes several security fixes and stability improvements over previous versions. It is also expected to be the last version of Firefox before developers turn their attention to Firefox 2.0, due out September 26 according to the latest roadmap.
Among the critical flaws addressed in the new release are a memory corruption vulnerability that occurred after a crash of the browser, four JavaScript issues including one that poses a privilege escalation risk, another memory corruption issue caused by simultaneous XPCOM events, and a code execution risk through a deleted frame reference.
Fixed in Firefox 1.5.0.5:
MFSA 2006-56 chrome: scheme loading remote content
MFSA 2006-55 Crashes with evidence of memory corruption (rv:1.8.0.5)
MFSA 2006-54 XSS with XPCNativeWrapper(window).Function(…)
MFSA 2006-53 UniversalBrowserRead privilege escalation
MFSA 2006-52 PAC privilege escalation using Function.prototype.call
MFSA 2006-51 Privilege escalation using named-functions and redefined “new Object()”
MFSA 2006-50 JavaScript engine vulnerabilities
MFSA 2006-48 JavaScript new Function race condition
MFSA 2006-47 Native DOM methods can be hijacked across domains
MFSA 2006-46 Memory corruption with simultaneous events
MFSA 2006-45 Javascript navigator Object Vulnerability
MFSA 2006-44 Code execution through deleted frame reference
on 