This is primarily a security fix release patching 5 critical defects and one high priority defect.這主要是一個安全修正發布修補五關鍵的缺陷和一高度優先的缺陷。 Couple of them are regression defects (introduced in 1.5).夫婦,他們是回歸的缺陷(介紹了在1.5 ) 。 The major feature is Universal Binary support for Mac OS X which provides native support for Macintosh with Intel Core processors.主要特點是普遍二進制支持Mac OS X提供本土支持與麥金塔英特爾核心處理器。 Firefox supports the enhancements to performance introduced by the new MacIntel chipsets. Firefox的支持增強的表現所提出的新macintel芯片組。

The key fixes are:關鍵修復程序是:
MFSA 2006-29 Spoofing with translucent windows mfsa 2006-29欺騙與半透明視窗
An interaction between XUL content windows and the new faster history mechanism in Firefox 1.5 caused those windows to become translucent.一之間的相互作用這裡的內容Windows和新的更快的歷史機制,在Firefox 1.5造成那些在Windows成為半透明。 This could be used to construct spoofs that could trick users into interacting with browser UI they can’t see.這可能是用來建構偽裝可能誘騙使用者的互動與瀏覽器的用戶界面,他們不能見。 It’s possible a clever game-type presentation could persuade an unsuspicious user into some combination of actions that would result in running the attacker’s code.它的可能聰明的遊戲式的介紹可以說服一unsuspicious用戶到一些相結合的行動,會導致運行攻擊者的代碼。 This is a regression bug.這是一個回歸的錯誤。 It was not there in 1.0.這是有沒有在1.0 。

MFSA 2006-28 Security check of js_ValueToFunctionObject() can be circumvented mfsa 2006-28安全檢查的js_valuetofunctionobject ( )可以規避
The security check in js_ValueToFunctionObject() can be bypassed by clever use of setTimeout() and the new Firefox 1.5 array method ForEach.安全檢查在js_valuetofunctionobject ( )可以繞過巧用settimeout ( )和新的Firefox 1.5陣列的方法foreach 。 shutdown demonstrated how to leverage this into a privilege escalation vulnerability that would allow the installation of malware.關機演示了如何利用這種成為一個特權升級的脆弱性,這將使安裝惡意軟件。

This is again a regression defect.這又是一種倒退的缺陷。 This vulnerability was introduced during Firefox 1.5 development.此漏洞的介紹,在Firefox 1.5中發展。

MFSA 2006-25 Privilege escalation through Print Preview mfsa 2006-25特權升級,通過打印預覽
Georgi Guninski reported two variants of using scripts in an XBL control to gain chrome privileges when the page is viewed under “Print Preview”. ( Georgi guninski報導, 2變種使用的腳本中xbl控制增益鉻特權查看網頁時,根據“打印預覽” 。 This vulnerability exists even if web-content JavaScript is turned off.此漏洞的存在,即使網頁內容的JavaScript處於關閉狀態。

MFSA 2006-24 Privilege escalation using crypto.generateCRMFRequest mfsa 2006-24特權升級使用crypto.generatecrmfrequest
shutdown demonstrated that the crypto.generateCRMFRequest method can be used to run arbitrary code with the privilege of the user, which could enable an attacker to install malware.關機表明,該crypto.generatecrmfrequest方法可以用來執行任意的程式碼與特權的用戶,這可讓攻擊者安裝惡意軟件。

MFSA 2006-23 File stealing by changing input type mfsa 2006-23檔案竊取通過改變輸入類型
Claus Jørgensen reported that a text input box can be pre-filled with a filename and then turned into a file-upload control with the contents intact, allowing a malicious website the ability to steal any local file whose name they can guess.克勞斯喬根森報告說,一個文本輸入框,可預先填好的一個文件名,然後變成一個文件上傳控制與內容不變,允許惡意網站的能力,竊取任何本地文件的名字,他們可以猜到。

Jesse Ruderman reported a variation, changing the type of the input control in an event handler to work around some of the initial checks.傑西魯德爾曼報告的變化,改變類型的投入控制在一個事件處理工作,周圍的一些初步檢查。

MFSA 2006-22 CSS Letter-Spacing Heap Overflow Vulnerability mfsa 2006-22的CSS 信間距堆溢出漏洞
An anonymous researcher for TippingPoint and the Zero Day Initiative discovered an integer overflow triggered by the CSS letter-spacing property.一無名氏研究員了TippingPoint和零天主動發現了一個整數溢出所引發的CSS信間距財產。 This results in in under-allocating memory and ultimately a heap buffer overflow which could be exploited to run code of the attacker’s choice.這個結果在在根據分配記憶體,並最終堆緩衝溢出,從而可以被利用來運行代碼的攻擊者所選擇的。

The overflow condition itself does not require JavaScript and thus could affect Thunderbird via received mail, but without scripting to prepare memory it may not be possible to exploit this condition in mail.溢出條件本身不需要JavaScript ,因此可能會影響雷鳥通過收到的郵件,但沒有腳本準備記憶體可能無法利用此條件的郵件。

MFSA 2006-20 Crashes with evidence of memory corruption (rv:1.8.0.2) mfsa 2006-20崩潰的證據,記憶腐敗(風疹病毒: 1.8.0.2 )
As part of the Firefox 1.5.0.2 release we fixed several crash bugs to improve the stability of the product, with a particular focus on finding crashes caused by DHTML.一部分的Firefox 1.5.0.2釋放,我們幾個固定的崩潰錯誤,以提高穩定性的產品,尤其側重於尋找崩潰所造成的DHTML 。 Some of these crashes showed evidence of memory corruption that we presume could be exploited to run arbitrary code with enough effort.一些這些證據顯示,墜毀的記憶體腐敗,我們假定可以被利用來執行任意的程式碼與足夠的努力。
Link鏈接