Software Update: Mozilla Suite 1.7.6
Mozilla has released a security update to the 1.7 branch of the Mozilla Suite, lifting the version number to 1.7.6. The package consists of a web browser, email and news programs, and an html editor. Direct downloads for the different platforms can be found at the bottom of this posting. A list of some seventy changes can be put in a “coarse” changelog are found, but these are the main changes:
This release resolves several important security issues:
- Internationalized Domain Name (IDN) homograph spoofing
- Unsafe /tmp/plugtmp directory exploitable to erase user’s files
- Plugins can be used to load privileged content
- Cross-site scripting by dropping javascript: link on tab
- Image drag and drop executable spoofing
- HTTP auth prompt tab spoofing
- Download dialog source spoofing
- Overwrite arbitrary files downloading .lnk twice
- XSLT can include stylesheets from arbitrary hosts
- Memory overwrite in string library
- Install source spoofing with user:pass@host
- Spoofing download and security dialogs with overlapping windows
- Heap overflow possible in UTF8 to Unicode conversion
- SSL “secure site” indicator spoofing
- Window Injection Spoofing
[break]The following downloads are available:
Mozilla 1.7.6 for Linux
Mozilla 1.7.6 for Mac OS X
Mozilla 1.7.6 for Windows
Mozilla 1.7.6, other downloads[break]
| Version number | 1.7.6 |
| Operating systems | Windows 9x, Windows NT, Windows 2000, Linux, Windows XP, macOS |
| Website | Mozilla |
| Download | |
| License type | GPL |