mozilla-firefox 1.0.8-0ubuntu4.10 source package in Ubuntu

Changelog

mozilla-firefox (1.0.8-0ubuntu4.10) warty-security; urgency=low

  * New upstream release which fixes the following vulnerabilities:
    - MFSA 2006-25, CVE-2006-1727: Privilege escalation through Print Preview
    - MFSA 2006-24, CVE-2006-1728: Privilege escalation using
      crypto.generateCRMFRequest
    - MFSA 2006-23, CVE-2006-1729: File stealing by changing input type
    - MFSA 2006-22, CVE-2006-1730: CSS Letter-Spacing Heap Overflow
      Vulnerability
    - MFSA 2006-19, CVE-2006-1731: Cross-site scripting using .valueOf.call()
    - MFSA 2006-18, CVE-2006-0749: Mozilla Firefox Tag Order Vulnerability
    - MFSA 2006-17, CVE-2006-1732: cross-site scripting through
      window.controllers
    - MFSA 2006-16, CVE-2006-1733: Accessing XBL compilation scope via
      valueOf.call()
    - MFSA 2006-15, CVE-2006-1734: Privilege escalation using a JavaScript
      function's cloned parent
    - MFSA 2006-14, CVE-2006-1735: Privilege escalation via XBL.method.eval
    - MFSA 2006-13, CVE-2006-1736: Downloading executables with "Save Image
      As..."
    - MFSA 2006-12, CVE-2006-1740: Secure-site spoof (requires security
      warning dialog)
    - MFSA 2006-11, CVE-2006-1737, CVE-2006-1738, CVE-2006-1739,
      CVE-2006-1790: Crashes with evidence of memory corruption (rv:1.8)
    - MFSA 2006-10, CVE-2006-1742: JavaScript garbage-collection hazard audit
    - MFSA 2006-09, CVE-2006-1741: Cross-site JavaScript injection using event
      handlers
    - MFSA 2006-05, CVE-2006-0296: Localstore.rdf XML injection through
      XULDocument.persist()
    - MFSA 2006-03, CVE-2005-4134: Long document title causes startup denial
      of Service
    - MFSA 2006-01, CVE-2006-0292: JavaScript garbage-collection hazards

 -- Martin Pitt <email address hidden>   Tue, 18 Apr 2006 12:35:38 +0000