I am sure some out there might have faced this problem of not able to recover saved passwords and hence for them FireFox 3.0.3 becomes a must download. Mostly, your FireFox will update itself on its own but if it dosen’t then I guess you should do it manually so that your passwords are remembered.

Features of 3.0.3 which are common with 3.0.2 are:

• Fixed several theme issues that affected right-to-left locales.
• Fixed several stability issues.
• Fixed a number of minor issues with the layout of certain web pages.
• Official releases for Sinhala and Slovene are now available.
• Beta releases for Bengali, Galician, Hindi, Icelandic, Kannada, Marathi, Telugu, and Thai are available for testing.
• Add new Extended Validation (EV) roots to Firefox 3.0.2.
• Fixed several hangs and crashes that occurred when using screen readers.

© CompuWorld - because The Genius Inside You Is Still Sleeping.

Related posts

• How About Being Part Of A World Record? (1)
• FireFox Releases New Update – FireFox 3.0.2 (1)
• Speculations Rising For Release Of FireFox 3.0 & Internet Explorer 8 (0)
• Scary Vulnerabilities In IE7 And Firefox 2.0 (0)

Affected Software
Internet Explorer 7
Internet Explorer 6
Internet Explorer 5.01
FireFox 2.0.0.2
FireFox 1.5.0.9

Description

For demonstration of vulnerability in IE7 click here. For FireFox click here. This is a must see for all of the Internet users around. Using the vulnerability some diverted keystrokes which you hit to enter forms on a web page could be used to enter commands over the Internet to see your boot.ini. And this could just be the beginning.

“Both examples are Windows-specific, and require C:BOOT.INI to exist and be readable by users. The attack itself is not limited to a particular operating system, but I decided to provide a demonstration for most popular desktop OS – *nix versions that access /etc/hosts or /etc/passwd are easy to develop,” Zalewski, one who found the vulnerability, stated.“In all modern browsers, form fields (used to upload user-specified files to a remote server) enjoy some added protection meant to prevent scripts from arbitrarily choosing local files to be sent, and automatically submitting the form without user knowledge. For example, “.value” parameter cannot be set or changed, and any changes to .type reset the contents of the field,” added Michal Zalewski.

Workaround Available
User interaction is a must if both vulnerabilities are to be successfully exploited. In this context, the user would have to enter text in malformed areas on a web page, either from IE or FireFox. Zalewski explained that the keyboard input in unrelated locations can be selectively geared toward input fields by the attacker.

No real workaround looks to be available currently but we will keep you updated with the latest news.

Microsoft on one side was shouting that there IE7 is free of vulnerabilities while FireFox was busy releasing patches this month. Now this kick will surely add to there wounds. Let us wait and see how they react.

Source: Softpedia

© CompuWorld - because The Genius Inside You Is Still Sleeping.

Related posts

• Microsoft Internet Explorer Multiple Vulnerabilities (1)
• FireFox 3.0.3 Released 3 Days After 3.0.2 (0)
• Internet Explorer Hit With Another Vulenrability (0)