-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.7 Date: Thu, 27 Jul 2006 12:13:37 +0100 Source: firefox Binary: libnspr4 firefox-dom-inspector firefox-dev mozilla-firefox mozilla-firefox-dev libnss3 libnspr-dev firefox-gnome-support firefox-dbg libnss-dev firefox Architecture: all powerpc Version: 1.5.dfsg+1.5.0.5-0ubuntu6.06 Distribution: dapper-security Urgency: low Maintainer: Ubuntu/powerpc Build Daemon Changed-By: Ian Jackson Description: firefox - lightweight web browser based on Mozilla firefox-dbg - Debugging information for firefox firefox-dev - Development files for Mozilla Firefox firefox-dom-inspector - tool for inspecting the DOM of pages in Mozilla Firefox firefox-gnome-support - Support for Gnome in Mozilla Firefox libnspr-dev - Netscape Portable Runtime library - development files libnspr4 - Netscape Portable Runtime Library libnss-dev - Network Security Service Libraries - development libnss3 - Network Security Service Libraries - runtime mozilla-firefox - Transition package for firefox rename mozilla-firefox-dev - dummy transitional package Changes: firefox (1.5.dfsg+1.5.0.5-0ubuntu6.06) dapper-security; urgency=low . * New upstream version 1.5.0.5, `security and stability fixes'. - MFSA 2006-44, CVE-2006-3801: Code execution through deleted frame reference [does not affect 1.0] - MFSA 2006-45, CVE-2006-3677: Javascript navigator Object Vulnerability [does not affect 1.0] - MFSA 2006-46, CVE-2006-3113: Memory corruption with simultaneous events [does not affect 1.0] - MFSA 2006-47, CVE-2006-3802: Native DOM methods can be hijacked across domains [does not affect 1.0] - MFSA 2006-48, CVE-2006-3803: JavaScript new Function race condition [does not affect 1.0] - MFSA 2006-50, CVE-2006-3805, CVE-2006-3806: JavaScript engine vulnerabilities - MFSA 2006-51, CVE-2006-3807: Privilege escalation using named-functions and redefined "new Object()" - MFSA 2006-52, CVE-2006-3808: PAC privilege escalation using Function.prototype.call - MFSA 2006-53, CVE-2006-3809: UniversalBrowserRead privilege escalation - MFSA 2006-54, CVE-2006-3810: XSS with XPCNativeWrapper (window).Function(...) [does not affect 1.0] - MFSA 2006-55, CVE-2006-3811: Crashes with evidence of memory corruption (rv:1.8.0.5) - MFSA 2006-56, CVE-2006-3812: chrome: scheme loading remote content * The above includes upstream's different fixes for Malone 45395's two crashing bugs in nsCopySupport.cpp and nsHTMLFormatConverter.cpp. * Reran autoconf2.13. Files: ed3927484eea5fccf84a2840640febf3 9019132 web optional firefox_1.5.dfsg+1.5.0.5-0ubuntu6.06_powerpc.deb a396e119a32303afc024d513b997c84e 212982 web optional firefox-dom-inspector_1.5.dfsg+1.5.0.5-0ubuntu6.06_powerpc.deb ef7841bb2ab8de0e0c44e59c893b1622 77894 web optional firefox-gnome-support_1.5.dfsg+1.5.0.5-0ubuntu6.06_powerpc.deb 479d29e08ff2b9cef89a6da3285c0aad 48648192 web optional firefox-dbg_1.5.dfsg+1.5.0.5-0ubuntu6.06_powerpc.deb 60b97738bfc3b8b32914487bb4aba239 2796790 devel optional firefox-dev_1.5.dfsg+1.5.0.5-0ubuntu6.06_powerpc.deb 7d5d6100727ceb894695b219cec11e43 159112 libs optional libnspr4_1.firefox1.5.dfsg+1.5.0.5-0ubuntu6.06_powerpc.deb a2338c3c8064a304deb752bf32a291f8 218826 libdevel optional libnspr-dev_1.firefox1.5.dfsg+1.5.0.5-0ubuntu6.06_powerpc.deb 8dc6cc8c54185d57af14bab3bee39f9d 768332 libs optional libnss3_1.firefox1.5.dfsg+1.5.0.5-0ubuntu6.06_powerpc.deb 69085beb145222fea07d2d6c19158a2d 235754 libdevel optional libnss-dev_1.firefox1.5.dfsg+1.5.0.5-0ubuntu6.06_powerpc.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2.2 (GNU/Linux) iD8DBQFEyNa60N0xjzyQZEIRApzOAJ4wK5tKWltcGBwkSJS9xyvvC8U6NQCeJ6M/ TDyJmYHqUzp4JBDLN5Vl4so= =SW4R -----END PGP SIGNATURE-----