Firefox 1.0.1 fixes vulnerabilities
Firefox 1.0.1 is now available, fixing a number of vulnerabilities as well as providing a temporary solution to the troublesome IDN issue.
It’s a good idea to update to 1.0.1 since some of the 1.0 vulnerabilities discovered are rated critical, most specifically this one, dated 25/2, which allows a remote atttacker to execute arbitrary code (a demonstration can be found here). Installation of 1.0.1 over 1.0 looked to be trouble free, at least on my setup; none of my extensions were disabled either, so there’s no excuse to defer updating.
A lot of noise was generated around the IDN issue lately; Firefox 1.0.1 addresses the issue (at least temporarily) by displaying International Domain Names as punycode. Opera was correct in calling this a complex issue that concerns all browsers and asking for a joint effort of browser vendors, domain name registries and certificate authorities towards addressing it. Opera uses a different approach to address the issue in it’s new browser.
