-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.7 Date: Tue, 6 Jun 2006 14:32:13 +0100 Source: firefox Binary: libnspr4 firefox-dom-inspector firefox-dev mozilla-firefox mozilla-firefox-dev libnss3 libnspr-dev firefox-gnome-support firefox-dbg libnss-dev firefox Architecture: all hppa Version: 1.5.dfsg+1.5.0.4-0ubuntu6.06 Distribution: dapper-security Urgency: low Maintainer: Ubuntu/hppa Build Daemon Changed-By: Ian Jackson Description: firefox - lightweight web browser based on Mozilla firefox-dbg - Debugging information for firefox firefox-dev - Development files for Mozilla Firefox firefox-dom-inspector - tool for inspecting the DOM of pages in Mozilla Firefox firefox-gnome-support - Support for Gnome in Mozilla Firefox libnspr-dev - Netscape Portable Runtime library - development files libnspr4 - Netscape Portable Runtime Library libnss-dev - Network Security Service Libraries - development libnss3 - Network Security Service Libraries - runtime mozilla-firefox - Transition package for firefox rename mozilla-firefox-dev - dummy transitional package Changes: firefox (1.5.dfsg+1.5.0.4-0ubuntu6.06) dapper-security; urgency=low . * New upstream version, 1.5.0.4, security/stability fixes from upstream. This is known to include the following security fixes: - MFSA 2006-43, CVE-2006-2777: Privilege escalation using addSelectionListener - MFSA 2006-42, CVE-2006-2783: Web site XSS using BOM on UTF-8 pages - MFSA 2006-41, CVE-2006-2782: File stealing by changing input type (variant) - MFSA 2006-38, CVE-2006-2778: Buffer overflow in crypto.signText() - MFSA 2006-37, CVE-2006-2776: Remote compromise via content-defined setter on object prototypes - MFSA 2006-36, CVE-2006-2784: PLUGINSPAGE privileged JavaScript execution 2 - MFSA 2006-35, CVE-2006-2775: Privilege escalation through XUL persist - MFSA 2006-34, CVE-2006-2785: XSS viewing javascript: frames or images from context menu - MFSA 2006-33, CVE-2006-2786: HTTP response smuggling - MFSA 2006-32, CVE-2006-2779, CVE-2006-2780: Fixes for crashes with potential memory corruption - MFSA 2006-31, CVE-2006-2787: EvalInSandbox escape (Proxy Autoconfig, Greasemonkey) - CVE-2006-2788: Double memory free in nsIX509::getRawDER when called from JavaScript (Mozilla bug #321598) This package is based on Debian's firefox_1.5.dfsg+1.5.0.4.orig.tar.gz but has none of the corresponding Debian changes. Files: c47b44063fcb202ffe600f924be0957b 10546860 web optional firefox_1.5.dfsg+1.5.0.4-0ubuntu6.06_hppa.deb 9801b338e5b20370d0aba413b65b45a1 218424 web optional firefox-dom-inspector_1.5.dfsg+1.5.0.4-0ubuntu6.06_hppa.deb 605aacf3f80e6619bd1741ce5f9e1c33 83322 web optional firefox-gnome-support_1.5.dfsg+1.5.0.4-0ubuntu6.06_hppa.deb f2b30f292b4b06fd3817263410aa00a9 47844438 web optional firefox-dbg_1.5.dfsg+1.5.0.4-0ubuntu6.06_hppa.deb d9f6cd4c3384c04e2e15446cf7d68fd7 2796212 devel optional firefox-dev_1.5.dfsg+1.5.0.4-0ubuntu6.06_hppa.deb 3f18d2a875145d305fed3afe81250b74 172162 libs optional libnspr4_1.firefox1.5.dfsg+1.5.0.4-0ubuntu6.06_hppa.deb 1ac40c638d1a872f419424326a208d67 218440 libdevel optional libnspr-dev_1.firefox1.5.dfsg+1.5.0.4-0ubuntu6.06_hppa.deb 61cf3fc3bb0ada1474b7a66ee359963f 821018 libs optional libnss3_1.firefox1.5.dfsg+1.5.0.4-0ubuntu6.06_hppa.deb 5cdbd13fb1afbde87532004f1d646bec 235384 libdevel optional libnss-dev_1.firefox1.5.dfsg+1.5.0.4-0ubuntu6.06_hppa.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.5 (GNU/Linux) iD8DBQFEiHHD0N0xjzyQZEIRAtcoAJ9IL9e5tb1fZnacplUEyDKPn/HkzwCdHl2c vd/B+ub50N7D5IFIKKdiX40= =LpIF -----END PGP SIGNATURE-----