xulrunner 1.8.1.18+nobinonly.b308.cvs20090331t155113-0ubuntu0.7.10.1 source package in Ubuntu
Changelog
xulrunner (1.8.1.18+nobinonly.b308.cvs20090331t155113-0ubuntu0.7.10.1) gutsy-security; urgency=low
* two years worth of security updates for gutsy-security xulrunner 1.8
+ Fixed on Firefox EOL branch
- MFSA 2009-13 Arbitrary code execution through XUL <tree> element
- MFSA 2009-12 XSL Transformation vulnerability
- MFSA 2009-10 Upgrade PNG library to fix memory safety hazards
- MFSA 2009-09 XML data theft via RDFXMLDataSource and cross-domain redirect
- MFSA 2009-07 Crashes with evidence of memory corruption (rv:1.9.0.7)
- MFSA 2009-05 XMLHttpRequest allows reading HTTPOnly cookies
- MFSA 2009-03 Local file stealing with SessionStore
- MFSA 2009-01 Crashes with evidence of memory corruption (rv:1.9.0.6)
+ Fixed in Firefox 2.0.0.20
- MFSA 2008-65 Cross-domain data theft via script redirect error message (Windows)
+ Fixed in Firefox 2.0.0.19
- MFSA 2008-69 XSS vulnerabilities in SessionStore
- MFSA 2008-68 XSS and JavaScript privilege escalation
- MFSA 2008-67 Escaped null characters ignored by CSS parser
- MFSA 2008-66 Errors parsing URLs with leading whitespace and control characters
- MFSA 2008-65 Cross-domain data theft via script redirect error message
- MFSA 2008-64 XMLHttpRequest 302 response disclosure
- MFSA 2008-62 Additional XSS attack vectors in feed preview
- MFSA 2008-61 Information stealing via loadBindingDocument
- MFSA 2008-60 Crashes with evidence of memory corruption (rv:1.9.0.5/1.8.1.19)
+ Fixed in Firefox 2.0.0.18
- MFSA 2008-58 Parsing error in E4X default namespace
- MFSA 2008-57 -moz-binding property bypasses security checks on codebase principals
- MFSA 2008-56 nsXMLHttpRequest::NotifyEventListeners() same-origin violation
- MFSA 2008-55 Crash and remote code execution in nsFrameManager
- MFSA 2008-54 Buffer overflow in http-index-format parser
- MFSA 2008-53 XSS and JavaScript privilege escalation via session restore
- MFSA 2008-52 Crashes with evidence of memory corruption (rv:1.9.0.4/1.8.1.18)
- MFSA 2008-50 Crash and remote code execution via __proto__ tampering
- MFSA 2008-49 Arbitrary code execution via Flash Player dynamic module unloading
- MFSA 2008-48 Image stealing via canvas and HTTP redirect
- MFSA 2008-47 Information stealing via local shortcut files
+ Fixed in Firefox 2.0.0.17
- MFSA 2008-45 XBM image uninitialized memory reading
- MFSA 2008-44 resource: traversal vulnerabilities
- MFSA 2008-43 BOM characters stripped from JavaScript before execution
- MFSA 2008-42 Crashes with evidence of memory corruption (rv:1.9.0.2/1.8.1.17)
- MFSA 2008-41 Privilege escalation via XPCnativeWrapper pollution
- MFSA 2008-40 Forced mouse drag
- MFSA 2008-39 Privilege escalation using feed preview page and XSS flaw
- MFSA 2008-38 nsXMLDocument::OnChannelRedirect() same-origin violation
- MFSA 2008-37 UTF-8 URL stack buffer overflow
+ Fixed in Firefox 2.0.0.16
- MFSA 2008-35 Command-line URLs launch multiple tabs when Firefox not running
- MFSA 2008-34 Remote code execution by overflowing CSS reference counter
+ Fixed in Firefox 2.0.0.15
- MFSA 2008-33 Crash and remote code execution in block reflow
- MFSA 2008-32 Remote site run as local file via Windows URL shortcut
- MFSA 2008-31 Peer-trusted certs can use alt names to spoof
- MFSA 2008-30 File location URL in directory listings not escaped properly
- MFSA 2008-29 Faulty .properties file results in uninitialized memory being used
- MFSA 2008-28 Arbitrary socket connections with Java LiveConnect on Mac OS X
- MFSA 2008-27 Arbitrary file upload via originalTarget and DOM Range
- MFSA 2008-25 Arbitrary code execution in mozIJSSubScriptLoader.loadSubScript()
- MFSA 2008-24 Chrome script loading from fastload file
- MFSA 2008-23 Signed JAR tampering
- MFSA 2008-22 XSS through JavaScript same-origin violation
- MFSA 2008-21 Crashes with evidence of memory corruption (rv:1.8.1.15)
+ Fixed in Firefox 2.0.0.14
- MFSA 2008-20 Crash in JavaScript garbage collector
+ Fixed in Firefox 2.0.0.13
- MFSA 2008-19 XUL popup spoofing variant (cross-tab popups)
- MFSA 2008-18 Java socket connection to any local port via LiveConnect
- MFSA 2008-17 Privacy issue with SSL Client Authentication
- MFSA 2008-16 HTTP Referrer spoofing with malformed URLs
- MFSA 2008-15 Crashes with evidence of memory corruption (rv:1.8.1.13)
- MFSA 2008-14 JavaScript privilege escalation and arbitrary code execution
+ Fixed in Firefox 2.0.0.12
- MFSA 2008-13 Multiple XSS vulnerabilities from character encoding
- MFSA 2008-11 Web forgery overwrite with div overlay
- MFSA 2008-10 URL token stealing via stylesheet redirect
- MFSA 2008-09 Mishandling of locally-saved plain text files
- MFSA 2008-08 File action dialog tampering
- MFSA 2008-07 Possible information disclosure in BMP decoder
- MFSA 2008-06 Web browsing history and forward navigation stealing
- MFSA 2008-05 Directory traversal via chrome: URI
- MFSA 2008-04 Stored password corruption
- MFSA 2008-03 Privilege escalation, XSS, Remote Code Execution
- MFSA 2008-02 Multiple file input focus stealing vulnerabilities
- MFSA 2008-01 Crashes with evidence of memory corruption (rv:1.8.1.12)
+ Fixed in Firefox 2.0.0.11
- Firefox 2.0.0.11 fixed a bug introduced by the 2.0.0.10 update in the <canvas>
feature that affected some web pages and extensions. There were no security-related
fixes in this release.
+ Fixed in Firefox 2.0.0.10
- MFSA 2007-39 Referer-spoofing via window.location race condition
- MFSA 2007-38 Memory corruption vulnerabilities (rv:1.8.1.10)
- MFSA 2007-37 jar: URI scheme XSS hazard
+ Fixed in Firefox 2.0.0.9
- Firefox 2.0.0.9 fixed a small number of rendering bugs introduced by the 2.0.0.8 release;
there were no security fixes.
+ Fixed in Firefox 2.0.0.8
- MFSA 2007-36 URIs with invalid %-encoding mishandled by Windows
- MFSA 2007-35 XPCNativeWrapper pollution using Script object
- MFSA 2007-34 Possible file stealing through sftp protocol
- MFSA 2007-33 XUL pages can hide the window titlebar
- MFSA 2007-32 File input focus stealing vulnerability
- MFSA 2007-31 Browser digest authentication request splitting
- MFSA 2007-30 onUnload Tailgating
- MFSA 2007-29 Crashes with evidence of memory corruption (rv:1.8.1.8)
+ Fixed in Firefox 2.0.0.7
- MFSA 2007-28 Code execution via QuickTime Media-link files
+ Fixed in Firefox 2.0.0.6
- MFSA 2007-27 Unescaped URIs passed to external programs
- MFSA 2007-26 Privilege escalation through chrome-loaded about:blank windows
+ Fixed in Firefox 2.0.0.5
- MFSA 2007-25 XPCNativeWrapper pollution
- MFSA 2007-24 Unauthorized access to wyciwyg:// documents
- MFSA 2007-23 Remote code execution by launching Firefox from Internet Explorer
- MFSA 2007-22 File type confusion due to %00 in name
- MFSA 2007-21 Privilege escalation using an event handler attached to an element not in the document
- MFSA 2007-20 Frame spoofing while window is loading
- MFSA 2007-19 XSS using addEventListener and setTimeout
- MFSA 2007-18 Crashes with evidence of memory corruption (rv:1.8.1.5)
* drop patches applied upstream
- delete debian/patches/35_psm_wakeups.dpatch
- delete debian/patches/88_bz384304_lp117575_linkrecursion_fix_in_startscript.dpatch
- update debian/patches/00list accordingly.
* adjust diverged patches
- update debian/patches/99_configure.dpatch
-- Alexander Sack <email address hidden> Tue, 31 Mar 2009 15:57:00 +0200
Upload details
- Uploaded by:
- Alexander Sack
- Uploaded to:
- Gutsy
- Original maintainer:
- MOTU
- Architectures:
- any
- Section:
- devel
- Urgency:
- Low Urgency
See full publishing history Publishing
| Series | Published | Component | Section |
|---|
Downloads
| File | Size | SHA-256 Checksum |
|---|---|---|
| xulrunner_1.8.1.18+nobinonly.b308.cvs20090331t155113.orig.tar.gz | 43.7 MiB | 18ed3df889ce4ed6f20aa2435909fbf1add4adc4a027fc4921bf62b4db1cad8c |
| xulrunner_1.8.1.18+nobinonly.b308.cvs20090331t155113-0ubuntu0.7.10.1.diff.gz | 161.2 KiB | 5640e87df83468f7472d60c39bb2d1beca273d58fec909a860185c41400ce506 |
| xulrunner_1.8.1.18+nobinonly.b308.cvs20090331t155113-0ubuntu0.7.10.1.dsc | 2.6 KiB | 4edd4a72dac4e83bdb3909a5747064d8931fe25922028f644ff64565ac21bf2e |
Available diffs
Binary packages built by this source
- libmozillainterfaces-java: No summary available for libmozillainterfaces-java in ubuntu gutsy.
No description available for libmozillainter
faces-java in ubuntu gutsy.
- libmozjs-dev: No summary available for libmozjs-dev in ubuntu gutsy.
No description available for libmozjs-dev in ubuntu gutsy.
- libmozjs0d: No summary available for libmozjs0d in ubuntu gutsy.
No description available for libmozjs0d in ubuntu gutsy.
- libmozjs0d-dbg: No summary available for libmozjs0d-dbg in ubuntu gutsy.
No description available for libmozjs0d-dbg in ubuntu gutsy.
- libxul-common: No summary available for libxul-common in ubuntu gutsy.
No description available for libxul-common in ubuntu gutsy.
- libxul-dev: No summary available for libxul-dev in ubuntu gutsy.
No description available for libxul-dev in ubuntu gutsy.
- libxul0d: No summary available for libxul0d in ubuntu gutsy.
No description available for libxul0d in ubuntu gutsy.
- libxul0d-dbg: No summary available for libxul0d-dbg in ubuntu gutsy.
No description available for libxul0d-dbg in ubuntu gutsy.
- python-xpcom: No summary available for python-xpcom in ubuntu gutsy.
No description available for python-xpcom in ubuntu gutsy.
- spidermonkey-bin: No summary available for spidermonkey-bin in ubuntu gutsy.
No description available for spidermonkey-bin in ubuntu gutsy.
- xulrunner: No summary available for xulrunner in ubuntu gutsy.
No description available for xulrunner in ubuntu gutsy.
- xulrunner-gnome-support: No summary available for xulrunner-gnome-support in ubuntu gutsy.
No description available for xulrunner-
gnome-support in ubuntu gutsy.
