firefox 1.0.8-0ubuntu5.10.1 source package in Ubuntu

Changelog

firefox (1.0.8-0ubuntu5.10.1) breezy-security; urgency=low

  Security fix from Eric Dorland:

  * content/xul/templates/src/nsXULContentUtils.cpp,
    content/xul/templates/src/nsXULSortService.cpp: A couple of patches
    from Alexander Sack to fix regressions caused by the previous security
    fixes.

  All security fixes prepared by Alexander Sack:

  * js/src/jsfun.c, js/src/jsinterp.c,
    netwerk/base/src/nsProxyAutoConfig.js: Fix for CVE-2006-2787, aka
    mfsa2006-31.
  * netwerk/protocol/http/src/nsHttp.cpp,
    netwerk/protocol/http/src/nsHttp.h,
    netwerk/protocol/http/src/nsHttpChannel.cpp,
    netwerk/protocol/http/src/nsHttpHeaderArray.cpp,
    netwerk/protocol/http/src/nsHttpTransaction.cpp: Fix for
    CVE-2006-2786, aka mfsa2006-33.
  * browser/base/content/browser.js,
    xpfe/browser/resources/content/nsBrowserStatusHandler.js,
    xpfe/communicator/resources/content/nsContextMenu.js,
    xpfe/communicator/resources/content/utilityOverlay.js: Fix for "XSS
    viewing javascript: frames or images from context menu", CVE-2006-2785
    aka mfsa2006-34.
  * content/xul/document/src/nsXULDocument.cpp,
    content/xul/templates/src/nsXULContentUtils.cpp,
    content/xul/templates/src/nsXULContentUtils.h,
    content/xul/templates/src/nsXULSortService.cpp: Fix for "Privilege
    escalation through XUL persist", CVE-2006-2775 aka mfsa2006-35.
  * caps/src/nsScriptSecurityManager.cpp: Fix for "PLUGINSPAGE privileged
    JavaScript execution II", CVE-2006-2784 aka mfsa2006-36.
  * dom/src/base/nsDOMClassInfo.cpp, dom/src/base/nsGlobalWindow.cpp: Fix
    for "Remote compromise via content-defined setter on object
    prototypes", CVE-2006-2776 aka mfsa2006-37.
  * security/manager/ssl/src/nsCrypto.cpp: Fix for "Buffer overflow in
    crypto.signText()", CVE-2006-2778 aka mfsa2006-38.
  * browser/base/content/contentAreaUtils.js,
    caps/src/nsScriptSecurityManager.cpp: Fix for ""View Image" local
    resource linking (Windows)", CVE-2006-1942 aka mfsa2006-39.
  * content/html/content/public/Makefile.in,
    content/html/content/public/nsIFileControlElement.h,
    content/html/content/src/nsHTMLInputElement.cpp,
    content/shared/public/nsHTMLAtomList.h,
    layout/html/forms/src/nsFileControlFrame.cpp,
    layout/html/forms/src/nsFileControlFrame.h: Fix for "File stealing by
    changing input type (variant)", CVE-2006-2782 aka mfsa2006-41.
  * intl/uconv/src/nsUTF8ToUnicode.cpp, intl/uconv/src/nsUTF8ToUnicode.h:
    Fix for " Web site XSS using BOM on UTF-8 pages", CVE-2006-2783 aka
    mfsa2006-42.
  * modules/libpref/src/init/all.js: Fix for "Privilege escalation using
    addSelectionListener", CVE-2006-2777 aka mfsa2006-43.

  * content/base/public/nsContentUtils.h,
    content/base/src/nsContentUtils.cpp,
    content/xul/templates/src/nsXULTreeBuilder.cpp,
    layout/xul/base/src/tree/public/nsITreeView.idl,
    layout/xul/base/src/tree/src/nsTreeBoxObject.cpp,
    layout/xul/base/src/tree/src/nsTreeContentView.h,
    content/base/src/nsDocument.cpp, layout/xul/base/src/nsBoxObject.cpp,
    content/html/document/src/nsHTMLContentSink.cpp, js/src/jsstr.c,
    content/xbl/src/nsXBLProtoImplProperty.cpp: Various patches for
    CVE-2006-2779 and CVE-2006-2780 aka mfsa2006-32. Note that this fix is
    incomplete, and is missing the fixes from bz#324918, bz#325730 and
    bz#329982

 -- Ian Jackson <email address hidden>   Mon, 24 Jul 2006 11:56:36 +0100

Upload details

Uploaded by:
Ian Jackson
Uploaded to:
Breezy
Original maintainer:
Eric Dorland
Architectures:
any
Section:
web
Urgency:
Low Urgency

See full publishing history Publishing

Series Pocket Published Component Section

Downloads

File Size SHA-256 Checksum
firefox_1.0.8.orig.tar.gz 39.6 MiB 7973393dc00b89bb4d0f5e3e3d253cfe1ba87868c6a181ebaf2aeb48dca92369
firefox_1.0.8-0ubuntu5.10.1.diff.gz 835.1 KiB 81e8906789c9edf8b5c78265f0a2eb6f42d4061dfc90d851556bebd1530ef2df
firefox_1.0.8-0ubuntu5.10.1.dsc 998 bytes 4b2d19bef90aa7da20a3b11f177dca0b173bfabd9fba0c2a143c990c951f8b45

View changes file

Binary packages built by this source

firefox: No summary available for firefox in ubuntu breezy.

No description available for firefox in ubuntu breezy.

firefox-dev: No summary available for firefox-dev in ubuntu breezy.

No description available for firefox-dev in ubuntu breezy.

firefox-dom-inspector: No summary available for firefox-dom-inspector in ubuntu breezy.

No description available for firefox-dom-inspector in ubuntu breezy.

firefox-gnome-support: No summary available for firefox-gnome-support in ubuntu breezy.

No description available for firefox-gnome-support in ubuntu breezy.

mozilla-firefox: No summary available for mozilla-firefox in ubuntu breezy.

No description available for mozilla-firefox in ubuntu breezy.

mozilla-firefox-dev: No summary available for mozilla-firefox-dev in ubuntu breezy.

No description available for mozilla-firefox-dev in ubuntu breezy.