-
firefox (1.5.dfsg+1.5.0.11-0ubuntu0.5.10.1) breezy-security; urgency=low
* New upstream stability and security update
* MFSA2007-11 aka CVE-2007-1562: FTP PASV port-scanning
-- Alexander Sack <email address hidden> Sat, 24 Mar 2007 20:00:00 +0100
-
firefox (1.5.dfsg+1.5.0.10-0ubuntu0.5.10.1) breezy-security; urgency=low
* New upstream security update:
* MFSA2007-01 - Crashes with evidence of memory corruption
(rv:1.8.0.10/1.8.1.2):
- CVE-2007-0775 - layout engine crashes
- CVE-2007-0776 - SVG
- CVE-2007-0777 - javascript engine corruption
* MFSA2007-02 - Improvements to help protect against Cross-Site
Scripting attacks:
- CVE-2007-0995 - Invalid trailing characters in HTML tag attributes
- CVE-2007-0996 - Child frame character set inheritance
- CVE-2006-6077 - Injected password forms
* MFSA2007-03 aka CVE-2007-0778: Information disclosure through cache
collisions
* MFSA2007-04 aka CVE-2007-0779: Spoofing using custom cursor and CSS3
hotspot
* MFSA2007-05 aka CVE-2007-0780, CVE-2007-0800: XSS and local file access
by opening blocked popups
* MFSA2007-06 aka CVE-2007-0008, CVE-2007-0009: Mozilla Network Security
Services (NSS) SSLv2 buffer overflow
* MFSA2007-07 aka CVE-2007-0981: Embedded nulls in location.hostname
confuse same-domain checks
* security/nss/lib/freebl/unix_rand.c: drop no-netstat on linux patch, as
this is now dealt with by #ifdef DO_NETSTAT
* toolkit/components/passwordmgr/base/nsPasswordManager.cpp: adapt to
changes in underlying codebase
* security/coreconf/rules.mk: some ppc64 code has been applied upstream;
dropping our patch.
-- Alexander Sack <email address hidden> Wed, 21 Jan 2007 18:00:00 +0100
-
firefox (1.5.dfsg+1.5.0.9-0ubuntu0.5.10.1) breezy-security; urgency=low
* toolkit/components/passwordmgr/base/nsPasswordManager.cpp: Regression
fix for crashes on auto-filling forms without usernames (Closes LP#77859).
-- Kees Cook <email address hidden> Fri, 26 Jan 2007 10:36:49 -0800
-
firefox (1.5.dfsg+1.5.0.9-0ubuntu0.5.10) breezy-security; urgency=low
* New upstream security update:
- CVE-2006-6504, MFSA 2006-73: SVG Processing Remote Code Execution.
- CVE-2006-6503, MFSA 2006-72: XSS by setting img.src to javascript: URI.
- CVE-2006-6502, MFSA 2006-71: LiveConnect crash finalizing JS objects.
- CVE-2006-6501, MFSA 2006-70: Privilege escallation using watch point.
- CVE-2006-6497, CVE-2006-6498, CVE-2006-6499, MFSA 2006-68: Crashes
with evidence of memory corruption.
-- Kees Cook <email address hidden> Tue, 2 Jan 2007 11:30:36 -0800
-
firefox (1.5.dfsg+1.5.0.8-0ubuntu0.5.10) breezy-security; urgency=low
* New upstream security update:
- CVE-2006-5463, MFSA 2006-67: Running Script can be recompiled.
- CVE-2006-5462, MFSA 2006-66: RSA signature forgery (variant).
- CVE-2006-5464, CVE-2006-5747, CVE-2006-5748, MFSA 2006-65: Crashes with
evidence of memory corruption.
-- Martin Pitt <email address hidden> Tue, 14 Nov 2006 18:20:10 -0800
-
firefox (1.5.dfsg+1.5.0.7-0ubuntu5.10.3) breezy-security; urgency=low
* Backported Firefox 1.5 to Breezy for security support,
using new upstream version 1.5.0.7 (tarball from Debian).
* Removed references to FC_ANY_METRICS.
* libnspr and libnss packages not shipped from here in Breezy; leave
those libraries in /usr/lib/firefox and adjust .pc files accordingly.
* Do not provide firefox-dbg.
* Completely disable `mstone' homepage override feature.
-- Ian Jackson <email address hidden> Tue, 26 Sep 2006 13:05:42 +0100
-
firefox (1.0.8-0ubuntu5.10.1) breezy-security; urgency=low
Security fix from Eric Dorland:
* content/xul/templates/src/nsXULContentUtils.cpp,
content/xul/templates/src/nsXULSortService.cpp: A couple of patches
from Alexander Sack to fix regressions caused by the previous security
fixes.
All security fixes prepared by Alexander Sack:
* js/src/jsfun.c, js/src/jsinterp.c,
netwerk/base/src/nsProxyAutoConfig.js: Fix for CVE-2006-2787, aka
mfsa2006-31.
* netwerk/protocol/http/src/nsHttp.cpp,
netwerk/protocol/http/src/nsHttp.h,
netwerk/protocol/http/src/nsHttpChannel.cpp,
netwerk/protocol/http/src/nsHttpHeaderArray.cpp,
netwerk/protocol/http/src/nsHttpTransaction.cpp: Fix for
CVE-2006-2786, aka mfsa2006-33.
* browser/base/content/browser.js,
xpfe/browser/resources/content/nsBrowserStatusHandler.js,
xpfe/communicator/resources/content/nsContextMenu.js,
xpfe/communicator/resources/content/utilityOverlay.js: Fix for "XSS
viewing javascript: frames or images from context menu", CVE-2006-2785
aka mfsa2006-34.
* content/xul/document/src/nsXULDocument.cpp,
content/xul/templates/src/nsXULContentUtils.cpp,
content/xul/templates/src/nsXULContentUtils.h,
content/xul/templates/src/nsXULSortService.cpp: Fix for "Privilege
escalation through XUL persist", CVE-2006-2775 aka mfsa2006-35.
* caps/src/nsScriptSecurityManager.cpp: Fix for "PLUGINSPAGE privileged
JavaScript execution II", CVE-2006-2784 aka mfsa2006-36.
* dom/src/base/nsDOMClassInfo.cpp, dom/src/base/nsGlobalWindow.cpp: Fix
for "Remote compromise via content-defined setter on object
prototypes", CVE-2006-2776 aka mfsa2006-37.
* security/manager/ssl/src/nsCrypto.cpp: Fix for "Buffer overflow in
crypto.signText()", CVE-2006-2778 aka mfsa2006-38.
* browser/base/content/contentAreaUtils.js,
caps/src/nsScriptSecurityManager.cpp: Fix for ""View Image" local
resource linking (Windows)", CVE-2006-1942 aka mfsa2006-39.
* content/html/content/public/Makefile.in,
content/html/content/public/nsIFileControlElement.h,
content/html/content/src/nsHTMLInputElement.cpp,
content/shared/public/nsHTMLAtomList.h,
layout/html/forms/src/nsFileControlFrame.cpp,
layout/html/forms/src/nsFileControlFrame.h: Fix for "File stealing by
changing input type (variant)", CVE-2006-2782 aka mfsa2006-41.
* intl/uconv/src/nsUTF8ToUnicode.cpp, intl/uconv/src/nsUTF8ToUnicode.h:
Fix for " Web site XSS using BOM on UTF-8 pages", CVE-2006-2783 aka
mfsa2006-42.
* modules/libpref/src/init/all.js: Fix for "Privilege escalation using
addSelectionListener", CVE-2006-2777 aka mfsa2006-43.
* content/base/public/nsContentUtils.h,
content/base/src/nsContentUtils.cpp,
content/xul/templates/src/nsXULTreeBuilder.cpp,
layout/xul/base/src/tree/public/nsITreeView.idl,
layout/xul/base/src/tree/src/nsTreeBoxObject.cpp,
layout/xul/base/src/tree/src/nsTreeContentView.h,
content/base/src/nsDocument.cpp, layout/xul/base/src/nsBoxObject.cpp,
content/html/document/src/nsHTMLContentSink.cpp, js/src/jsstr.c,
content/xbl/src/nsXBLProtoImplProperty.cpp: Various patches for
CVE-2006-2779 and CVE-2006-2780 aka mfsa2006-32. Note that this fix is
incomplete, and is missing the fixes from bz#324918, bz#325730 and
bz#329982
-- Ian Jackson <email address hidden> Mon, 24 Jul 2006 11:56:36 +0100
-
firefox (1.0.8-0ubuntu5.10) breezy-security; urgency=low
* New upstream release which fixes the following vulnerabilities:
- MFSA 2006-25, CVE-2006-1727: Privilege escalation through Print Preview
- MFSA 2006-24, CVE-2006-1728: Privilege escalation using
crypto.generateCRMFRequest
- MFSA 2006-23, CVE-2006-1729: File stealing by changing input type
- MFSA 2006-22, CVE-2006-1730: CSS Letter-Spacing Heap Overflow
Vulnerability
- MFSA 2006-19, CVE-2006-1731: Cross-site scripting using .valueOf.call()
- MFSA 2006-18, CVE-2006-0749: Mozilla Firefox Tag Order Vulnerability
- MFSA 2006-17, CVE-2006-1732: cross-site scripting through
window.controllers
- MFSA 2006-16, CVE-2006-1733: Accessing XBL compilation scope via
valueOf.call()
- MFSA 2006-15, CVE-2006-1734: Privilege escalation using a JavaScript
function's cloned parent
- MFSA 2006-14, CVE-2006-1735: Privilege escalation via XBL.method.eval
- MFSA 2006-13, CVE-2006-1736: Downloading executables with "Save Image
As..."
- MFSA 2006-12, CVE-2006-1740: Secure-site spoof (requires security
warning dialog)
- MFSA 2006-11, CVE-2006-1737, CVE-2006-1738, CVE-2006-1739,
CVE-2006-1790: Crashes with evidence of memory corruption (rv:1.8)
- MFSA 2006-10, CVE-2006-1742: JavaScript garbage-collection hazard audit
- MFSA 2006-09, CVE-2006-1741: Cross-site JavaScript injection using event
handlers
- MFSA 2006-05, CVE-2006-0296: Localstore.rdf XML injection through
XULDocument.persist()
- MFSA 2006-03, CVE-2005-4134: Long document title causes startup denial
of Service
- MFSA 2006-01, CVE-2006-0292: JavaScript garbage-collection hazards
-- Martin Pitt <email address hidden> Tue, 18 Apr 2006 11:59:52 +0200
-
firefox (1.0.7-0ubuntu20) breezy; urgency=low
* Recompile everything -fno-strict-aliasing. See 17276.
-- Ian Jackson <email address hidden> Mon, 10 Oct 2005 11:22:37 +0100
