-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.7 Date: Thu, 27 Jul 2006 12:13:37 +0100 Source: firefox Binary: libnspr4 firefox-dom-inspector firefox-dev mozilla-firefox mozilla-firefox-dev libnss3 libnspr-dev firefox-gnome-support firefox-dbg libnss-dev firefox Architecture: all i386 Version: 1.5.dfsg+1.5.0.5-0ubuntu6.06 Distribution: dapper-security Urgency: low Maintainer: Ubuntu/i386 Build Daemon Changed-By: Ian Jackson Description: firefox - lightweight web browser based on Mozilla firefox-dbg - Debugging information for firefox firefox-dev - Development files for Mozilla Firefox firefox-dom-inspector - tool for inspecting the DOM of pages in Mozilla Firefox firefox-gnome-support - Support for Gnome in Mozilla Firefox libnspr-dev - Netscape Portable Runtime library - development files libnspr4 - Netscape Portable Runtime Library libnss-dev - Network Security Service Libraries - development libnss3 - Network Security Service Libraries - runtime mozilla-firefox - Transition package for firefox rename mozilla-firefox-dev - dummy transitional package Changes: firefox (1.5.dfsg+1.5.0.5-0ubuntu6.06) dapper-security; urgency=low . * New upstream version 1.5.0.5, `security and stability fixes'. - MFSA 2006-44, CVE-2006-3801: Code execution through deleted frame reference [does not affect 1.0] - MFSA 2006-45, CVE-2006-3677: Javascript navigator Object Vulnerability [does not affect 1.0] - MFSA 2006-46, CVE-2006-3113: Memory corruption with simultaneous events [does not affect 1.0] - MFSA 2006-47, CVE-2006-3802: Native DOM methods can be hijacked across domains [does not affect 1.0] - MFSA 2006-48, CVE-2006-3803: JavaScript new Function race condition [does not affect 1.0] - MFSA 2006-50, CVE-2006-3805, CVE-2006-3806: JavaScript engine vulnerabilities - MFSA 2006-51, CVE-2006-3807: Privilege escalation using named-functions and redefined "new Object()" - MFSA 2006-52, CVE-2006-3808: PAC privilege escalation using Function.prototype.call - MFSA 2006-53, CVE-2006-3809: UniversalBrowserRead privilege escalation - MFSA 2006-54, CVE-2006-3810: XSS with XPCNativeWrapper (window).Function(...) [does not affect 1.0] - MFSA 2006-55, CVE-2006-3811: Crashes with evidence of memory corruption (rv:1.8.0.5) - MFSA 2006-56, CVE-2006-3812: chrome: scheme loading remote content * The above includes upstream's different fixes for Malone 45395's two crashing bugs in nsCopySupport.cpp and nsHTMLFormatConverter.cpp. * Reran autoconf2.13. Files: 40ebfe4330af25c2359f8b25b039ed5e 7916536 web optional firefox_1.5.dfsg+1.5.0.5-0ubuntu6.06_i386.deb 50e174c1c7290fca51f9e1ee71ebb56c 209546 web optional firefox-dom-inspector_1.5.dfsg+1.5.0.5-0ubuntu6.06_i386.deb 25ba86caeeb1a88da4493875178a3636 74732 web optional firefox-gnome-support_1.5.dfsg+1.5.0.5-0ubuntu6.06_i386.deb c1fa4a40187d9c5b58bd049edb00ce54 50078 web optional mozilla-firefox_1.5.dfsg+1.5.0.5-0ubuntu6.06_all.deb a7e4a535262f8a5d5cb0ace7ed785237 43837610 web optional firefox-dbg_1.5.dfsg+1.5.0.5-0ubuntu6.06_i386.deb 4509dbf62e3fd2cda7168c20aa65ba4f 2796700 devel optional firefox-dev_1.5.dfsg+1.5.0.5-0ubuntu6.06_i386.deb 850dd650e7f876dd539e605d9b3026c8 49190 devel optional mozilla-firefox-dev_1.5.dfsg+1.5.0.5-0ubuntu6.06_all.deb c1a5c5cc4371b228093d03d9ed7ad607 146570 libs optional libnspr4_1.firefox1.5.dfsg+1.5.0.5-0ubuntu6.06_i386.deb 6066f59acbce1b4de2dc284b5801efc5 218822 libdevel optional libnspr-dev_1.firefox1.5.dfsg+1.5.0.5-0ubuntu6.06_i386.deb d537a4771b80e5c06f18b2c5d7e5d384 669556 libs optional libnss3_1.firefox1.5.dfsg+1.5.0.5-0ubuntu6.06_i386.deb 0e9a1a89f63a9869b875ee6a50547c2b 235754 libdevel optional libnss-dev_1.firefox1.5.dfsg+1.5.0.5-0ubuntu6.06_i386.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2.2 (GNU/Linux) iD8DBQFEyNWP0N0xjzyQZEIRAvC0AJ9tBdpDRuFRYTRcYNOk+5mU4+/g9ACeLGQ7 NgTRhz8GrLD1av1zRUXtgsA= =2f75 -----END PGP SIGNATURE-----