Beonex - Communicator - Version - 0.8.2 Stable - Release-notes - Security advisories

The Mozilla 1.0.1 and 1.0.2 releases fixed and disclosed a lot of security bugs, some of them severe.

Beonex Communicator 0.8.2 is based on Mozilla 1.0.2 and thus contains these fixes. We strongly recommend you to update Communicator.

List of security bugs fixed:

91043 document.write while another page is loading can bypass same-origin check

151478 https wyciwyg page is cached

152701 More eavsdropping in mailnews...

157646 Possible heap corruption in libjar

161357 Buffer overflow with external protocol handler

162393 A variable called "content" confuses urlSecurityCheck in contentAreaUtils.js

162520 Possible princeton-style password stealing exploit

163648 URL with "vbscript:" protocol launches MS Internet Explorer

164695 Heap corruption in libjar using manifest length -1

168316 Violating same-origin with Java

169982 XMLSerializer.serializeToStream needs same origin check

171274 URL bar spoofing using XUL <browser type="content-primary">

91043	document.write while another page is loading can bypass same-origin check
151478	https wyciwyg page is cached
152701	More eavsdropping in mailnews...
157646	Possible heap corruption in libjar
161357	Buffer overflow with external protocol handler
162393	A variable called "content" confuses urlSecurityCheck in contentAreaUtils.js
162520	Possible princeton-style password stealing exploit
163648	URL with "vbscript:" protocol launches MS Internet Explorer
164695	Heap corruption in libjar using manifest length -1
168316	Violating same-origin with Java
169982	XMLSerializer.serializeToStream needs same origin check
171274	URL bar spoofing using XUL <browser type="content-primary">