Credit to Billy Rios of Microsoft, and Nitesh Dhanjani of Ernst & Young for reporting this issue. This update addresses the issue by restricting the types of URLs that may be launched via the plug-in interface. Visiting a maliciously crafted website may allow a remote attacker to launch local files in Safari, which may lead to the disclosure of sensitive information. Mozilla no longer issues security updates for it and it has many vulnerabilities that are not suited to surfing online anymore. Important Note: Running Firefox 3.6.28 on a Mac poses a serious security threat to your Mac.
FIREFOX MAC OS 10.4 FOR MAC OS X
Mozilla has dropped support for Mac OS X 10.4 but Firefox 3.6.28 still works on PPC Macs. Visiting a maliciously crafted website may lead to the disclosure of sensitive information WebKit's plug-in interface does not block plug-ins from launching local URLs. To get Firefox for Mac 10.4.11 you need to download Firefox 3.6.28 for Mac which is the last version of Firefox to support PowerPC (PPC) Macs. Credit to an anonymous researcher working with the TippingPoint Zero Day Initiative for reporting this issue. This update addresses the issue through improved garbage collection. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution.
Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution A memory corruption issue exists in WebCore's handling of style sheet elements. Credit to SkyLined of Google for reporting this issue. This update addresses the issue by performing additional validation of JavaScript array indices. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution A signedness issue in Safari's handling of JavaScript array indices may result in an out-of-bounds memory access. Credit to an anonymous researcher for reporting this issue." This update addresses the issue by properly clearing the form data. This may lead to the disclosure of sensitive information to a local user. Sensitive information may be disclosed to a local console user Disabling autocomplete on a form field may not prevent the data in the field from being stored in the browser page cache. The new release provides several security enhancements: Apple has released Safari 3.2 for Mac OS X 10.4.x and Mac OS X 10.5.x.