-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Wed, 21 Feb 2007 18:05:00 -0800
Source: firefox
Binary: libnspr4 firefox-dom-inspector firefox-dev mozilla-firefox mozilla-firefox-dev libnss3 libnspr-dev firefox-gnome-support firefox-dbg libnss-dev firefox
Architecture: all amd64
Version: 1.5.dfsg+1.5.0.10-0ubuntu0.6.06.1
Distribution: dapper-security
Urgency: low
Maintainer: Ubuntu/amd64 Build Daemon
Changed-By: Alexander Sack
Description:
 firefox - lightweight web browser based on Mozilla
 firefox-dbg - Debugging information for firefox
 firefox-dev - Development files for Mozilla Firefox
 firefox-dom-inspector - tool for inspecting the DOM of pages in Mozilla Firefox
 firefox-gnome-support - Support for Gnome in Mozilla Firefox
 libnspr-dev - Netscape Portable Runtime library - development files
 libnspr4 - Netscape Portable Runtime Library
 libnss-dev - Network Security Service Libraries - development
 libnss3 - Network Security Service Libraries - runtime
 mozilla-firefox - Transition package for firefox rename
 mozilla-firefox-dev - dummy transitional package
Changes:
 firefox (1.5.dfsg+1.5.0.10-0ubuntu0.6.06.1) dapper-security; urgency=low
 .
   * New upstream security update:
     * MFSA2007-01 - Crashes with evidence of memory corruption (rv:1.8.0.10/1.8.1.2):
       - CVE-2007-0775 - layout engine crashes
       - CVE-2007-0776 - SVG
       - CVE-2007-0777 - javascript engine corruption
     * MFSA2007-02 - Improvements to help protect against Cross-Site Scripting attacks:
       - CVE-2007-0995 - Invalid trailing characters in HTML tag attributes
       - CVE-2007-0996 - Child frame character set inheritance
       - CVE-2006-6077 - Injected password forms
     * MFSA2007-03 aka CVE-2007-0778: Information disclosure through cache collisions
     * MFSA2007-04 aka CVE-2007-0779: Spoofing using custom cursor and CSS3 hotspot
     * MFSA2007-05 aka CVE-2007-0780, CVE-2007-0800: XSS and local file access by opening blocked popups
     * MFSA2007-06 aka CVE-2007-0008, CVE-2007-0009: Mozilla Network Security Services (NSS) SSLv2 buffer overflow
     * MFSA2007-07 aka CVE-2007-0981: Embedded nulls in location.hostname confuse same-domain checks
   * security/nss/lib/freebl/unix_rand.c: dropping preprocessor condition as an equivalent check has been introduced upstream (#ifndef LINUX -> #ifdef DO_NETSTAT)
   * security/coreconf/rules.mk: adapted patch to changed upstream code base
   * security/coreconf/Linux.mk: dropping ppc64 OS_TEST as it has been applied upstream
   * toolkit/components/passwordmgr/base/nsPasswordManager.cpp: adapting patch to updated code-base.
Files:
 c66621583e808b88663b200ad3238f7a 9553646 web optional firefox_1.5.dfsg+1.5.0.10-0ubuntu0.6.06.1_amd64.deb
 f217f66f7563f80f309e065a44a08cfb 217360 web optional firefox-dom-inspector_1.5.dfsg+1.5.0.10-0ubuntu0.6.06.1_amd64.deb
 0b3738208c8069b8a5449a59ae604293 83620 web optional firefox-gnome-support_1.5.dfsg+1.5.0.10-0ubuntu0.6.06.1_amd64.deb
 0e8e0cc7f0385fc74a953610f7f41c11 47439362 web optional firefox-dbg_1.5.dfsg+1.5.0.10-0ubuntu0.6.06.1_amd64.deb
 a9c1cd1a790a715b6ad58785cb0eea01 2804532 devel optional firefox-dev_1.5.dfsg+1.5.0.10-0ubuntu0.6.06.1_amd64.deb
 e1c0ab1f05132b717751783ccc0c22c1 163484 libs optional libnspr4_1.firefox1.5.dfsg+1.5.0.10-0ubuntu0.6.06.1_amd64.deb
 e4f1cc5b0c2edc41cf1e4c6aa3051a33 220158 libdevel optional libnspr-dev_1.firefox1.5.dfsg+1.5.0.10-0ubuntu0.6.06.1_amd64.deb
 53cb8cc7e3a7d346630184980df34ff5 710556 libs optional libnss3_1.firefox1.5.dfsg+1.5.0.10-0ubuntu0.6.06.1_amd64.deb
 10d43347432618aaa140c081c20ed10f 245468 libdevel optional libnss-dev_1.firefox1.5.dfsg+1.5.0.10-0ubuntu0.6.06.1_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFF40GO0N0xjzyQZEIRAqNBAJ0TVeRqs9H88ZsZlWoOh9snGeZzPgCfdoqR
EGBSb/qxPmMpGrnku/bOsaU=
=8fwM
-----END PGP SIGNATURE-----