We’re announcing a release of an updated version of Lunascape browser, version 6.1.7., today. It has Gecko engine update to revision 22.214.171.124 with the following 9 security issues fixed according to Mozilla.org. As this includes important security fixes, we highly recommend upgrading your Lunascape browser as soon as you can. [To Update Lunascape]
- Critical Impact
- Integer Overflow in XSLT Node Sorting
- Heap buffer overflow in nsGenericDOMDataNode::SetTextInternal
- Freed object reuse across plugin instances
- Use-after-free error in nsCycleCollector::MarkRoots()
- Crashes with evidence of memory corruption (rv:126.96.36.199/ 188.8.131.52)
- Re-use of freed object due to scope confusion
- Moderate Impact
- Content-Disposition: attachment ignored if Content-Type: multipart also present
- focus() behavior can be used to inject or steal keystrokes
- Low Impact
- User tracking across sites using Math.random()
This would be ‘the last’ minor update on version 6.1.x. series.
With Lunascape 6.2, we’re going to change the way how we implement the Gecko engine, offering an option for users to install one’s preferred versions of Gecko engine to Lunascape browser. So, stay tuned for our Lunascape 6.2 release announcement!