Ubuntu
xulrunner package

xulrunner 1.8.1.18+nobinonly.b308.cvs20090331t155113-0ubuntu0.8.10.1 source package in Ubuntu

Changelog

xulrunner (1.8.1.18+nobinonly.b308.cvs20090331t155113-0ubuntu0.8.10.1) intrepid-security; urgency=low

  * New security upstream release - backports for ffox 3.0.8
    + Fixed on Firefox EOL branch
      - MFSA 2009-13 Arbitrary code execution through XUL <tree> element
      - MFSA 2009-12 XSL Transformation vulnerability
      - MFSA 2009-10 Upgrade PNG library to fix memory safety hazards
      - MFSA 2009-09 XML data theft via RDFXMLDataSource and cross-domain redirect
      - MFSA 2009-07 Crashes with evidence of memory corruption (rv:1.9.0.7)
      - MFSA 2009-05 XMLHttpRequest allows reading HTTPOnly cookies
      - MFSA 2009-03 Local file stealing with SessionStore
      - MFSA 2009-01 Crashes with evidence of memory corruption (rv:1.9.0.6)
    + Fixed in Firefox 2.0.0.20
      - MFSA 2008-65 Cross-domain data theft via script redirect error message (Windows)
    + Fixed in Firefox 2.0.0.19
      - MFSA 2008-69 XSS vulnerabilities in SessionStore
      - MFSA 2008-68 XSS and JavaScript privilege escalation
      - MFSA 2008-67 Escaped null characters ignored by CSS parser
      - MFSA 2008-66 Errors parsing URLs with leading whitespace and control characters
      - MFSA 2008-65 Cross-domain data theft via script redirect error message
      - MFSA 2008-64 XMLHttpRequest 302 response disclosure
      - MFSA 2008-62 Additional XSS attack vectors in feed preview
      - MFSA 2008-61 Information stealing via loadBindingDocument
      - MFSA 2008-60 Crashes with evidence of memory corruption (rv:1.9.0.5/1.8.1.19)
    + Fixed in Firefox 2.0.0.18
      - MFSA 2008-58 Parsing error in E4X default namespace
      - MFSA 2008-57 -moz-binding property bypasses security checks on codebase principals
      - MFSA 2008-56 nsXMLHttpRequest::NotifyEventListeners() same-origin violation
      - MFSA 2008-55 Crash and remote code execution in nsFrameManager
      - MFSA 2008-54 Buffer overflow in http-index-format parser
      - MFSA 2008-53 XSS and JavaScript privilege escalation via session restore
      - MFSA 2008-52 Crashes with evidence of memory corruption (rv:1.9.0.4/1.8.1.18)
      - MFSA 2008-50 Crash and remote code execution via __proto__ tampering
      - MFSA 2008-49 Arbitrary code execution via Flash Player dynamic module unloading
      - MFSA 2008-48 Image stealing via canvas and HTTP redirect
      - MFSA 2008-47 Information stealing via local shortcut files
    + Fixed in Firefox 2.0.0.17
      - MFSA 2008-45 XBM image uninitialized memory reading
      - MFSA 2008-44 resource: traversal vulnerabilities
      - MFSA 2008-43 BOM characters stripped from JavaScript before execution
      - MFSA 2008-42 Crashes with evidence of memory corruption (rv:1.9.0.2/1.8.1.17)
      - MFSA 2008-41 Privilege escalation via XPCnativeWrapper pollution
      - MFSA 2008-40 Forced mouse drag
      - MFSA 2008-39 Privilege escalation using feed preview page and XSS flaw
      - MFSA 2008-38 nsXMLDocument::OnChannelRedirect() same-origin violation
      - MFSA 2008-37 UTF-8 URL stack buffer overflow

 -- Alexander Sack <email address hidden>   Tue, 31 Mar 2009 19:26:56 +0200

Upload details

Uploaded by:
Alexander Sack
Uploaded to:
Intrepid
Original maintainer:
MOTU
Architectures:
any
Section:
devel
Urgency:
Low Urgency

See full publishing history Publishing

Series Pocket Published Component Section

Downloads

File Size SHA-256 Checksum
xulrunner_1.8.1.18+nobinonly.b308.cvs20090331t155113.orig.tar.gz 43.7 MiB 18ed3df889ce4ed6f20aa2435909fbf1add4adc4a027fc4921bf62b4db1cad8c
xulrunner_1.8.1.18+nobinonly.b308.cvs20090331t155113-0ubuntu0.8.10.1.diff.gz 154.7 KiB 9e59fa03779688f804a37e20c5bb7965f6e7951120c1ea91c075dbb9d140e2bc
xulrunner_1.8.1.18+nobinonly.b308.cvs20090331t155113-0ubuntu0.8.10.1.dsc 2.6 KiB bbaf70b121202578d9958c3c5b3ac51c170f7b0c8126d37b2847a62c6792f969

View changes file

Binary packages built by this source

libmozillainterfaces-java: No summary available for libmozillainterfaces-java in ubuntu intrepid.

No description available for libmozillainterfaces-java in ubuntu intrepid.

libmozjs-dev: No summary available for libmozjs-dev in ubuntu intrepid.

No description available for libmozjs-dev in ubuntu intrepid.

libmozjs0d: No summary available for libmozjs0d in ubuntu intrepid.

No description available for libmozjs0d in ubuntu intrepid.

libmozjs0d-dbg: No summary available for libmozjs0d-dbg in ubuntu intrepid.

No description available for libmozjs0d-dbg in ubuntu intrepid.

libxul-common: No summary available for libxul-common in ubuntu intrepid.

No description available for libxul-common in ubuntu intrepid.

libxul-dev: No summary available for libxul-dev in ubuntu intrepid.

No description available for libxul-dev in ubuntu intrepid.

libxul0d: No summary available for libxul0d in ubuntu intrepid.

No description available for libxul0d in ubuntu intrepid.

libxul0d-dbg: No summary available for libxul0d-dbg in ubuntu intrepid.

No description available for libxul0d-dbg in ubuntu intrepid.

python-xpcom: No summary available for python-xpcom in ubuntu intrepid.

No description available for python-xpcom in ubuntu intrepid.

spidermonkey-bin: No summary available for spidermonkey-bin in ubuntu intrepid.

No description available for spidermonkey-bin in ubuntu intrepid.

xulrunner: No summary available for xulrunner in ubuntu intrepid.

No description available for xulrunner in ubuntu intrepid.

xulrunner-gnome-support: No summary available for xulrunner-gnome-support in ubuntu intrepid.

No description available for xulrunner-gnome-support in ubuntu intrepid.