Lunascape Version 6.1.7. Release: Gecko Engine Update to ver. 1.9.1.10

Bookmark and Share

We’re announcing a release of an updated version of Lunascape browser, version 6.1.7., today.  It has Gecko engine update to revision 1.9.1.10 with the following 9 security issues fixed according to Mozilla.org. As this includes important security fixes, we highly recommend upgrading your Lunascape browser as soon as you can. [To Update Lunascape]

  • Critical Impact
    • Integer Overflow in XSLT Node Sorting
    • Heap buffer overflow in nsGenericDOMDataNode::SetTextInternal
    • Freed object reuse across plugin instances
    • Use-after-free error in nsCycleCollector::MarkRoots()
    • Crashes with evidence of memory corruption (rv:1.9.2.4/ 1.9.1.10)
    • Re-use of freed object due to scope confusion
  • Moderate Impact
    • Content-Disposition: attachment ignored if Content-Type: multipart also present
    • focus() behavior can be used to inject or steal keystrokes
  • Low Impact
    • User tracking across sites using Math.random()

This would be ‘the last’ minor update on version 6.1.x. series.

With Lunascape 6.2, we’re going to change the way how we implement the Gecko engine, offering an option for users to install one’s preferred versions of Gecko engine to Lunascape browser.  So, stay tuned for our Lunascape 6.2 release announcement!

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s