SEARCH
NEW RPMS
DIRECTORIES
ABOUT
FAQ
VARIOUS
BLOG

 
 
Changelog for MozillaFirefox-devel-3.6.28-1.15.i586.rpm :
Tue Mar 6 13:00:00 2012 wrAATTrosenauer.org
- security update to 3.6.28 (bnc#750044)

* MFSA 2011-55/CVE-2011-3658 (bmo#708186)
nsSVGValue out-of-bounds access

* MFSA 2012-13/CVE-2012-0455 (bmo#704354)
XSS with Drag and Drop and Javascript: URL

* MFSA 2012-14/CVE-2012-0456/CVE-2012-0457 (bmo#711653, #720103)
SVG issues found with Address Sanitizer

* MFSA 2012-16/CVE-2012-0458
Escalation of privilege with Javascript: URL as home page

* MFSA 2012-19/CVE-2012-0461/CVE-2012-0462/CVE-2012-0464/
CVE-2012-0463
Miscellaneous memory safety hazards

Thu Feb 16 13:00:00 2012 wrAATTrosenauer.org
- security update to 3.6.27 (bnc#747328)

* CVE-2011-3026 (bmo#727401)
libpng: integer overflow leading to heap-buffer overflow

Wed Jan 25 13:00:00 2012 wrAATTrosenauer.org
- security update to 3.6.26 (bnc#744275)

* MFSA 2012-01/CVE-2012-0442/CVE-2012-0443
Miscellaneous memory safety hazards

* MFSA 2012-02/CVE-2011-3670 (bmo#504014)

* MFSA 2012-04/CVE-2011-3659 (bmo#708198)
Child nodes from nsDOMAttribute still accessible after removal
of nodes

* MFSA 2012-07/CVE-2012-0444 (bmo#719612)
Potential Memory Corruption When Decoding Ogg Vorbis files

* MFSA 2012-08/CVE-2012-0449 (bmo#701806, bmo#702466)
Crash with malformed embedded XSLT stylesheets

Sun Dec 18 13:00:00 2011 wrAATTrosenauer.org
- security update to 3.6.25 (bnc#737533)

* MFSA 2011-59/CVE-2011-3666 (bmo#704622)
.jar not treated as executable in Firefox 3.6 on Mac

Tue Nov 1 13:00:00 2011 wrAATTrosenauer.org
- security update to 3.6.24 (bnc#728520)

* MFSA 2011-46/CVE-2011-3647 (bmo#680880)
loadSubScript unwraps XPCNativeWrapper scope parameter

* MFSA 2011-47/CVE-2011-3648 (bmo#690225)
Potential XSS against sites using Shift-JIS

* MFSA 2011-49/CVE-2011-3650 (bmo#674776)
Memory corruption while profiling using Firebug

Wed Sep 21 14:00:00 2011 wrAATTrosenauer.org
- security update to 3.6.23 (bnc#720264)

* MFSA 2011-36/CVE-2011-2996 (bmo#555018)
Miscellaneous memory safety hazards

* MFSA 2011-37/CVE-2011-2998 (bmo#684815)
Integer underflow when using JavaScript RegExp

* MFSA 2011-38/CVE-2011-2999 (bmo#665548)
XSS via plugins and shadowed window.location object

* MFSA 2011-39/CVE-2011-3000 (bmo#655389)
Defense against multiple Location headers due to CRLF Injection

* MFSA 2011-40/CVE-2011-2372/CVE-2011-3001
Code installation through holding down Enter

Wed Sep 7 14:00:00 2011 pcernyAATTsuse.com
- security update to 3.6.22 (bnc#714931)

* Complete blocking of certificates issued by DigiNotar
(bmo#683449)

Mon Sep 5 14:00:00 2011 pcernyAATTsuse.com
- security update to 3.6.21 (bnc#714931)

* MFSA 2011-34
Protection against fraudulent DigiNotar certificates
(bmo#682927)

Fri Aug 5 14:00:00 2011 wrAATTrosenauer.org
- security update to 3.6.20 (bnc#712224)
fixed security issues MFSA 2011-30

* CVE-2011-2982
Miscellaneous memory safety hazards

* CVE-2011-0084 (bmo#648094)
Crash in SVGTextElement.getCharNumAtPosition()

* CVE-2011-2981
Privilege escalation using event handlers

* CVE-2011-2378 (bmo#572129)
Privilege escalation dropping a tab element in content area

* CVE-2011-2980 (bmo#642469)
Binary planting vulnerability in ThinkPadSensor::Startup

* CVE-2011-2983 (bmo#626297)
Private data leakage using RegExp.input

Tue Jun 14 14:00:00 2011 wrAATTrosenauer.org
- security update to 3.6.18 (bnc#701296)

* MFSA 2011-19/CVE-2011-2374 CVE-2011-2376 CVE-2011-2364
CVE-2011-2365
Miscellaneous memory safety hazards

* MFSA 2011-20/CVE-2011-2373 (bmo#617247)
Use-after-free vulnerability when viewing XUL document with
script disabled

* MFSA 2011-21/CVE-2011-2377 (bmo#638018, bmo#639303)
Memory corruption due to multipart/x-mixed-replace images

* MFSA 2011-22/CVE-2011-2371 (bmo#664009)
Integer overflow and arbitrary code execution in
Array.reduceRight()

* MFSA 2011-23/CVE-2011-0083 CVE-2011-0085 CVE-2011-2363
Multiple dangling pointer vulnerabilities

* MFSA 2011-24/CVE-2011-2362 (bmo#616264)
Cookie isolation error
- speedier find-external-requires.sh

Thu Apr 21 14:00:00 2011 wrAATTrosenauer.org
- security update to 3.6.17 (bnc#689281)

* MFSA 2011-12/ CVE-2011-0069 CVE-2011-0070 CVE-2011-0072
CVE-2011-0074 CVE-2011-0075 CVE-2011-0077 CVE-2011-0078
CVE-2011-0080 CVE-2011-0081
Miscellaneous memory safety hazards

* MFSA 2011-13/CVE-2011-0065/CVE-2011-0066/CVE-2011-0073
Multiple dangling pointer vulnerabilities

* MFSA 2011-14/CVE-2011-0067 (bmo#527935)
Information stealing via form history

* MFSA 2011-18/CVE-2011-1202 (bmo#640339)
XSLT generate-id() function heap address leak

Fri Mar 25 13:00:00 2011 lnusselAATTsuse.de
- add macros file similar to Mandriva in order to simplify
packaging extensions

Sat Mar 19 13:00:00 2011 wrAATTrosenauer.org
- security update to 3.6.16 (bnc#680771)

* MFSA 2011-11 (bmo#642395)
Update HTTPS certificate blacklist

Fri Mar 4 13:00:00 2011 wrAATTrosenauer.org
- update to 3.6.15

* fix a regression introduced with previous update affecting
Java applet integration (bmo#629030)

Tue Feb 22 13:00:00 2011 wrAATTrosenauer.org
- security update to 3.6.14 (build3) (bnc#667155)

* MFSA 2011-01/CVE-2011-0053/CVE-2011-0062
Miscellaneous memory safety hazards (rv:1.9.2.14/ 1.9.1.17)

* MFSA 2011-02/CVE-2011-0051 (bmo#616659)
Recursive eval call causes confirm dialogs to evaluate to true

* MFSA 2011-03/CVE-2011-0055 (bmo#616009, bmo#619255)
Use-after-free error in JSON.stringify

* MFSA 2011-04/CVE-2011-0054 (bmo#615657)
Buffer overflow in JavaScript upvarMap

* MFSA 2011-05/CVE-2011-0056 (bmo#622015)
Buffer overflow in JavaScript atom map

* MFSA 2011-06/CVE-2011-0057 (bmo#626631)
Use-after-free error using Web Workers

* MFSA 2011-08/CVE-2010-1585 (bmo#562547)
ParanoidFragmentSink allows javascript: URLs in chrome documents

* MFSA 2011-09/CVE-2011-0061 (bmo#610601)
Crash caused by corrupted JPEG image

* MFSA 2011-10/CVE-2011-0059 (bmo#573873)
CSRF risk with plugins and 307 redirects

Thu Nov 25 13:00:00 2010 wrAATTrosenauer.org
- security update to 3.6.13 (bnc#657016)

* MFSA 2010-74/CVE-2010-3776/CVE-2010-3777/CVE-2010-3778
Miscellaneous memory safety hazards (rv:1.9.2.13/ 1.9.1.16)

* MFSA 2010-75/CVE-2010-3769 (bmo#608336)
Buffer overflow while line breaking after document.write with
long string

* MFSA 2010-76/CVE-2010-3771 (bmo#609437)
Chrome privilege escalation with window.open and element

* MFSA 2010-77/CVE-2010-3772 (bmo#594547)
Crash and remote code execution using HTML tags inside a XUL tree

* MFSA 2010-78/CVE-2010-3768 (bmo#527276)
Add support for OTS font sanitizer

* MFSA 2010-79/CVE-2010-3775
Java security bypass from LiveConnect loaded via data: URL
meta refresh

* MFSA 2010-80/CVE-2010-3766 (bmo#590771)
Use-after-free error with nsDOMAttribute MutationObserver

* MFSA 2010-81/CVE-2010-3767 (bmo#599468)
Integer overflow vulnerability in NewIdArray

* MFSA 2010-82/CVE-2010-3773 (bmo#554449)
Incomplete fix for CVE-2010-0179

* MFSA 2010-83/VE-2010-3774 (bmo#602780)
Location bar SSL spoofing using network error page

* MFSA 2010-84/CVE-2010-3770 (bmo#601429)
XSS hazard in multiple character encodings
- export a versioned provides for \"firefox\"

Wed Oct 27 14:00:00 2010 wrAATTrosenauer.org
- security update to 3.6.12 (bnc#649492)

* MFSA 2010-73/CVE-2010-3765 (bmo#607222)
Heap buffer overflow mixing document.write and DOM insertion

Wed Oct 6 14:00:00 2010 wrAATTrosenauer.org
- security update to 3.6.11 (bnc#645315)

* MFSA 2010-64/CVE-2010-3174/CVE-2010-3175/CVE-2010-3176
Miscellaneous memory safety hazards

* MFSA 2010-65/CVE-2010-3179 (bmo#583077)
Buffer overflow and memory corruption using document.write

* MFSA 2010-66/CVE-2010-3180 (bmo#588929)
Use-after-free error in nsBarProp

* MFSA 2010-67/CVE-2010-3183 (bmo#598669)
Dangling pointer vulnerability in LookupGetterOrSetter

* MFSA 2010-68/CVE-2010-3177 (bmo#556734)
XSS in gopher parser when parsing hrefs

* MFSA 2010-69/CVE-2010-3178 (bmo#576616)
Cross-site information disclosure via modal calls

* MFSA 2010-70/CVE-2010-3170 (bmo#578697)
SSL wildcard certificate matching IP addresses

* MFSA 2010-71/CVE-2010-3182 (bmo#590753)
Unsafe library loading vulnerabilities

* MFSA 2010-72/CVE-2010-3173
Insecure Diffie-Hellman key exchange

Wed Sep 15 14:00:00 2010 wrAATTrosenauer.org
- update to 3.6.10

* fixing startup topcrash (bmo#594699)

Thu Aug 26 14:00:00 2010 wrAATTrosenauer.org
- security update to 3.6.9 (bnc#637303)

* MFSA 2010-49/CVE-2010-3169
Miscellaneous memory safety hazards

* MFSA 2010-50/CVE-2010-2765 (bmo#576447)
Frameset integer overflow vulnerability

* MFSA 2010-51/CVE-2010-2767 (bmo#584512)
Dangling pointer vulnerability using DOM plugin array

* MFSA 2010-53/CVE-2010-3166 (bmo#579655)
Heap buffer overflow in nsTextFrameUtils::TransformText

* MFSA 2010-54/CVE-2010-2760 (bmo#585815)
Dangling pointer vulnerability in nsTreeSelection

* MFSA 2010-55/CVE-2010-3168 (bmo#576075)
XUL tree removal crash and remote code execution

* MFSA 2010-56/CVE-2010-3167 (bmo#576070)
Dangling pointer vulnerability in nsTreeContentView

* MFSA 2010-57/CVE-2010-2766 (bmo#580445)
Crash and remote code execution in normalizeDocument

* MFSA 2010-59/CVE-2010-2762 (bmo#584180)
SJOW creates scope chains ending in outer object

* MFSA 2010-61/CVE-2010-2768 (bmo#579744)
UTF-7 XSS by overriding document charset using type
attribute

* MFSA 2010-62/CVE-2010-2769 (bmo#520189)
Copy-and-paste or drag-and-drop into designMode document allows
XSS

* MFSA 2010-63/CVE-2010-2764 (bmo#552090)
Information leak via XMLHttpRequest statusText

Wed Jul 28 14:00:00 2010 meissnerAATTsuse.de
- disable crash reporter for non x86/x86_64 to make it build.

Sat Jul 24 14:00:00 2010 wrAATTrosenauer.org
- security update to 3.6.8 (bnc#622506)

* MFSA 2010-48/CVE-2010-2755 (bmo#575836)
Dangling pointer crash regression from plugin parameter array
fix

Fri Jul 16 14:00:00 2010 wrAATTrosenauer.org
- security update to 3.6.7 (bnc#622506)

* MFSA 2010-34/CVE-2010-1211/CVE-2010-1212
Miscellaneous memory safety hazards

* MFSA 2010-35/CVE-2010-1208 (bmo#572986)
DOM attribute cloning remote code execution vulnerability

* MFSA 2010-36/CVE-2010-1209 (bmo#552110)
Use-after-free error in NodeIterator

* MFSA 2010-37/CVE-2010-1214 (bmo#572985)
Plugin parameter EnsureCachedAttrParamArrays remote code
execution vulnerability

* MFSA 2010-38/CVE-2010-1215 (bmo#567069)
Arbitrary code execution using SJOW and fast native function

* MFSA 2010-39/CVE-2010-2752 (bmo#574059)
nsCSSValue::Array index integer overflow

* MFSA 2010-40/CVE-2010-2753 (bmo#571106)
nsTreeSelection dangling pointer remote code execution
vulnerability

* MFSA 2010-41/CVE-2010-1205 (bmo#570451)
Remote code execution using malformed PNG image

* MFSA 2010-42/CVE-2010-1213 (bmo#568148)
Cross-origin data disclosure via Web Workers and importScripts

* MFSA 2010-43/CVE-2010-1207 (bmo#571287)
Same-origin bypass using canvas context

* MFSA 2010-44/CVE-2010-1210 (bmo#564679)
Characters mapped to U+FFFD in 8 bit encodings cause subsequent
character to vanish

* MFSA 2010-45/CVE-2010-1206/CVE-2010-2751 (bmo#536466,556957)
Multiple location bar spoofing vulnerabilities

* MFSA 2010-46/CVE-2010-0654 (bmo#524223)
Cross-domain data theft using CSS

* MFSA 2010-47/CVE-2010-2754 (bmo#568564)
Cross-origin data leakage from script filename in error messages

Sun Jun 27 14:00:00 2010 wrAATTrosenauer.org
- update to 3.6.6 release

* modifies the crash protection feature to increase the amount
of time that plugins are allowed to be non-responsive before
being terminated.

Wed Jun 23 14:00:00 2010 wrAATTrosenauer.org
- update to final 3.6.4 release (bnc#603356)

* MFSA 2010-26/CVE-2010-1200/CVE-2010-1201/CVE-2010-1202/
CVE-2010-1203
Crashes with evidence of memory corruption (rv:1.9.2.4)

* MFSA 2010-28/CVE-2010-1198 (bmo#532246)
Freed object reuse across plugin instances

* MFSA 2010-29/CVE-2010-1196 (bmo#534666)
Heap buffer overflow in nsGenericDOMDataNode::SetTextInternal

* MFSA 2010-30/CVE-2010-1199 (bmo#554255)
Integer Overflow in XSLT Node Sorting

* MFSA 2010-31/CVE-2010-1125 (bmo#552255)
focus() behavior can be used to inject or steal keystrokes

* MFSA 2010-32/CVE-2010-1197 (bmo#537120)
Content-Disposition: attachment ignored if
Content-Type: multipart also present

* MFSA 2010-33/CVE-2008-5913 (bmo#475585)
User tracking across sites using Math.random()

Mon Jun 7 14:00:00 2010 wrAATTrosenauer.org
- update to 3.6.4(build6)

Sun Apr 18 14:00:00 2010 wrAATTrosenauer.org
- security update to 3.6.4 (Lorentz)

* enable crashreporter also for x86-64

* Flash runs in a separate process to avoid crashing Firefox
(ix86 only; x86-64 still uses nspluginwrapper)

Thu Apr 1 14:00:00 2010 wrAATTrosenauer.org
- security update to 3.6.3

* MFSA 2010-25/CVE-2010-1121 (bmo#555109)
Re-use of freed object due to scope confusion

Thu Mar 18 13:00:00 2010 wrAATTrosenauer.org
- security update to version 3.6.2 (bnc#586567)

* MFSA 2010-08/CVE-2010-1028
WOFF heap corruption due to integer overflow

* MFSA 2010-09/CVE-2010-0164 (bmo#547143)
Deleted frame reuse in multipart/x-mixed-replace image

* MFSA 2010-10/CVE-2010-0170 (bmo#541530)
XSS via plugins and unprotected Location object

* MFSA 2010-11/CVE-2010-0165/CVE-2010-0166/CVE-2010-0167
Crashes with evidence of memory corruption

* MFSA 2010-12/CVE-2010-0171 (bmo#531364)
XSS using addEventListener and setTimeout on a wrapped object

* MFSA 2010-13/CVE-2010-0168 (bmo#540642)
Content policy bypass with image preloading

* MFSA 2010-14/CVE-2010-0169 (bmo#535806)
Browser chrome defacement via cached XUL stylesheets

* MFSA 2010-15/CVE-2010-0172 (bmo#537862)
Asynchronous Auth Prompt attaches to wrong window

* MFSA 2010-16/CVE-2010-0173/CVE-2010-0174
Crashes with evidence of memory corruption

* MFSA 2010-18/CVE-2010-0176 (bmo#538308)
Dangling pointer vulnerability in nsTreeContentView

* MFSA 2010-19/CVE-2010-0177 (bmo#538310)
Dangling pointer vulnerability in nsPluginArray

* MFSA 2010-20/CVE-2010-0178 (bmo#546909)
Chrome privilege escalation via forced URL drag and drop

* MFSA 2010-22/CVE-2009-3555 (bmo#545755)
Update NSS to support TLS renegotiation indication

* MFSA 2010-23/CVE-2010-0181 (bmo#452093)
Image src redirect to mailto: URL opens email editor

* MFSA 2010-24/CVE-2010-0182 (bmo#490790)
XMLDocument::load() doesn\'t check nsIContentPolicy

Mon Jan 18 13:00:00 2010 wrAATTrosenauer.org
- update to 3.6rc2 (already named 3.6.0)
- removed obsolete orbit-devel build requirement

Wed Jan 6 13:00:00 2010 wrAATTrosenauer.org
- major update to 3.6rc1

Fri Dec 25 13:00:00 2009 wrAATTrosenauer.org
- update to version 3.5.7 (bnc#568011)

* DNS resolution in MakeSN of nsAuthSSPI causing issues for
proxy servers that support NTLM auth (bmo#535193)
- added missing lockdown preferences (bnc#567131)

Thu Dec 17 13:00:00 2009 wrAATTrosenauer.org
- readded firefox-ui-lockdown.patch (bnc#546158)

Thu Dec 3 13:00:00 2009 wrAATTrosenauer.org
- security update to version 3.5.6 (bnc#559807)

* MFSA 2009-65/CVE-2009-3979/CVE-2009-3980/CVE-2009-3982
Crashes with evidence of memory corruption (rv:1.9.1.6)

* MFSA 2009-66/CVE-2009-3388 (bmo#504843,bmo#523816)
Memory safety fixes in liboggplay media library

* MFSA 2009-67/CVE-2009-3389 (bmo#515882,bmo#504613)
Integer overflow, crash in libtheora video library

* MFSA 2009-68/CVE-2009-3983 (bmo#487872)
NTLM reflection vulnerability

* MFSA 2009-69/CVE-2009-3984/CVE-2009-3985 (bmo#521461,bmo#514232)
Location bar spoofing vulnerabilities

* MFSA 2009-70/VE-2009-3986 (bmo#522430)
Privilege escalation via chrome window.opener
- fixed firefox-browser-css.patch (bnc#561027)

Mon Nov 23 13:00:00 2009 wrAATTrosenauer.org
- rebased patches for fuzz=0

Thu Nov 5 13:00:00 2009 wrAATTrosenauer.org
- update to version 3.5.5 (bnc#553172)

Sat Oct 17 14:00:00 2009 wrAATTrosenauer.org
- security update to version 3.5.4 (bnc#545277)

* MFSA 2009-52/CVE-2009-3370 (bmo#511615)
Form history vulnerable to stealing

* MFSA 2009-53/CVE-2009-3274 (bmo#514823)
Local downloaded file tampering

* MFSA 2009-54/CVE-2009-3371 (bmo#514554)
Crash with recursive web-worker calls

* MFSA 2009-55/CVE-2009-3372 (bmo#500644)
Crash in proxy auto-configuration regexp parsing

* MFSA 2009-56/CVE-2009-3373 (bmo#511689)
Heap buffer overflow in GIF color map parser

* MFSA 2009-57/CVE-2009-3374 (bmo#505988)
Chrome privilege escalation in XPCVariant::VariantDataToJS()

* MFSA 2009-59/CVE-2009-1563 (bmo#516396, bmo#516862)
Heap buffer overflow in string to number conversion

* MFSA 2009-61/CVE-2009-3375 (bmo#503226)
Cross-origin data theft through document.getSelection()

* MFSA 2009-62/CVE-2009-3376 (bmo#511521)
Download filename spoofing with RTL override

* MFSA 2009-63/CVE-2009-3377/CVE-2009-3379/CVE-2009-3378
Upgrade media libraries to fix memory safety bugs

* MFSA 2009-64/CVE-2009-3380/CVE-2009-3381/CVE-2009-3383
Crashes with evidence of memory corruption
- removed upstreamed patch

* firefox-bug506901.patch

Wed Oct 7 14:00:00 2009 llunakAATTnovell.com
- fix KDE button order in one more place (bnc#170055)

Fri Oct 2 14:00:00 2009 wrAATTrosenauer.org
- improve UI colors to be usable with dark themes at all
(firefox-browser-css.patch) (bnc#503351)
- extend list of supported architectures as ABI identifier
(mozilla-abi.patch) (bnc#543460)

Sun Sep 13 14:00:00 2009 wrAATTrosenauer.org
- added KDE integration patch from llunakAATTnovell.com
(firefox-kde.patch)

* support for knotify, making -kde4-addon obsolete

* KDE-specific support functional (bnc#170055)
- do not build libnkgnomevfs (bmo#512671) (firefox-no-gnomevfs)

Thu Sep 10 14:00:00 2009 wrAATTrosenauer.org
- security update to version 3.5.3 (bnc#534458)

* MFSA 2009-47/CVE-2009-3069/CVE-2009-3070/CVE-2009-3071/
CVE-2009-3072/CVE-2009-3073/CVE-2009-3074/CVE-2009-3075
Crashes with evidence of memory corruption

* MFSA 2009-49/CVE-2009-3077 (bmo#506871)
TreeColumns dangling pointer vulnerability

* MFSA 2009-50/CVE-2009-3078 (bmo#453827)
Location bar spoofing via tall line-height Unicode characters

* MFSA 2009-51/CVE-2009-3079 (bmo#454363)
Chrome privilege escalation with FeedWriter

Wed Aug 19 14:00:00 2009 wrAATTrosenauer.org
- renamed patch firefox-contextmenu-gnome to firefox-cross-desktop
as it contains more tweaks to handle non-Gnome environments and
especially KDE integration:

* added the ability to set the KDE default browser
(still part of bnc#170055)

Fri Aug 7 14:00:00 2009 wrAATTrosenauer.org
- split -translations package into -common and -other
(bnc#529180)
- remove \"set as background\" from context menu if not running in
Gnome (part of bnc#170055)

Fri Jul 31 14:00:00 2009 wrAATTrosenauer.org
- security update to version 3.5.2

* MFSA 2009-38/CVE-2009-2470 (bmo#459524)
Data corruption with SOCKS5 reply containing DNS name longer
than 15 characters

* MFSA 2009-44/CVE-2009-2654 (bmo#451898)
Location bar and SSL indicator spoofing via window.open() on
invalid URL

* MFSA 2009-45
Crashes with evidence of memory corruption

* MFSA 2009-46 (bmo#498897)
Chrome privilege escalation due to incorrectly cached wrapper

* various other stability fixes
- export MOZ_APP_LAUNCHER in the startscript (bmo#453689)

Tue Jul 28 14:00:00 2009 wrAATTrosenauer.org
- fixed %exclude usage
- fixed preferences\' advanced pane for fresh profiles (bmo#506901)

Wed Jul 15 14:00:00 2009 wrAATTrosenauer.org
- security update to version 3.5.1

* MFSA 2009-41
Corrupt JIT state after deep return from native function

Mon Jul 6 14:00:00 2009 wrAATTrosenauer.org
- added mozilla-linkorder.patch to fix build with --as-needed

Tue Jun 30 14:00:00 2009 wrAATTrosenauer.org
- update to final version 3.5 (20090623)

Tue Jun 23 14:00:00 2009 wrAATTrosenauer.org
- fixed build by linking to a real file

Thu Jun 18 14:00:00 2009 wrAATTrosenauer.org
- update to version 3.5rc2 (20090617)
- BuildRequire mozilla-xulrunner191 = 1.9.1.0

Sat Jun 6 14:00:00 2009 wrAATTrosenauer.org
- update to version 3.5b99 (20090604)
- BuildRequire mozilla-xulrunner191 = 1.9.1b99

Wed May 27 14:00:00 2009 wrAATTrosenauer.org
- fixed typos in improved xulrunner dependencies

Mon May 11 14:00:00 2009 wrAATTrosenauer.org
- use non-localized Downloads folder (bnc#501724)

Mon May 4 14:00:00 2009 wrAATTrosenauer.org
- update to new major version 3.5b4

* based on Gecko 1.9.1 (mozilla-xulrunner191)

* Private Browsing Mode

* TraceMonkey JavaScript engine

* Geolocation support

* native JSON and web worker threads support

* speculative parsing for faster content rendering

* Some HTML5 support
- updated firefox.schemas
- improved firefox-no-update.patch

Tue Apr 28 14:00:00 2009 wrAATTrosenauer.org
- security update to 3.0.10

* MFSA 2009-23/CVE-2009-1313 (bmo#489647)
Crash in nsTextFrame::ClearTextRun()

Thu Apr 16 14:00:00 2009 wrAATTrosenauer.org
- security update to 3.0.9 (bnc#495473)

* MFSA 2009-14/CVE-2009-1302/CVE-2009-1303/CVE-2009-1304/CVE-2009-1305
Crashes with evidence of memory corruption (rv:1.9.0.9)

* MFSA 2009-15/CVE-2009-0652 (bmo#479336)
URL spoofing with box drawing character

* MFSA 2009-16/CVE-2009-1306 (bmo#474536)
jar: scheme ignores the content-disposition: header on the
inner URI

* MFSA 2009-17/CVE-2009-1307 (bmo#481342)
Same-origin violations when Adobe Flash loaded via
view-source: scheme

* MFSA 2009-18/CVE-2009-1308 (bmo#481558)
XSS hazard using third-party stylesheets and XBL bindings

* MFSA 2009-19/CVE-2009-1309 (bmo#482206,478433)
Same-origin violations in XMLHttpRequest and
XPCNativeWrapper.toString

* MFSA 2009-20/CVE-2009-1310 (bmo#483086)
Malicious search plugins can inject code into arbitrary sites

* MFSA 2009-21/CVE-2009-1311 (bmo#471962)
POST data sent to wrong site when saving web page with
embedded frame

* MFSA 2009-22/CVE-2009-1312 (bmo#475636)
Firefox allows Refresh header to redirect to javascript: URIs

Fri Mar 27 13:00:00 2009 wrAATTrosenauer.org
- security update to 1.9.0.8 (bnc#488955,489411)

* MFSA 2009-12/CVE-2009-1169 (bmo#460090,485217)
Crash and remote code execution in XSL transformation

* MFSA 2009-13/CVE-2009-1044 (bmo#484320)
Arbitrary code execution via XUL tree moveToEdgeShift
- allow RPM provides for stuff besides shared libraries
(e.g. mime-types)

Sun Mar 1 13:00:00 2009 wrAATTrosenauer.org
- security update to 3.0.7 (bnc#478625)

* MFSA 2009-07 - Crashes with evidence of memory corruption
CVE-2009-0771 - Layout Engine Crashes
CVE-2009-0772 - Layout Engine Crashes
CVE-2009-0773 - crashes in the JavaScript engine
CVE-2009-0774 - Layout Engine Crashes

* MFSA 2009-08/CVE-2009-0775 - (bmo#474456)
Mozilla Firefox XUL Linked Clones Double Free Vulnerability

* MFSA 2009-09/CVE-2009-0776 (bmo#414540)
XML data theft via RDFXMLDataSource and cross-domain redirect

* MFSA 2009-10/CVE-2009-0040 (bmo#478901)
Upgrade PNG library to fix memory safety hazards

* MFSA 2009-11/CVE-2009-0777 (bmo#452979)
URL spoofing with invisible control characters


  
ICM