Debian Bug report logs - #318061
mozilla-firefox: version 1.0.5 fixes several security bugs

version graph

Package: mozilla-firefox; Maintainer for mozilla-firefox is (unknown);

Reported by: Florian Weimer <fw@deneb.enyo.de>

Date: Wed, 13 Jul 2005 07:33:03 UTC

Severity: grave

Tags: etch, sarge, security

Found in versions 1.0.4-3, 1.0.4-2

Fixed in versions 1.0.5-1, 1.0.99+deerpark-alpha2-1, mozilla-firefox/1.0.4-2sarge2

Done: Eric Dorland <eric@debian.org>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, Eric Dorland <eric@debian.org>:
Bug#318061; Package mozilla-firefox. Full text and rfc822 format available.

Acknowledgement sent to Florian Weimer <fw@deneb.enyo.de>:
New Bug report received and forwarded. Copy sent to Eric Dorland <eric@debian.org>. Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Florian Weimer <fw@deneb.enyo.de>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: mozilla-firefox: version 1.0.5 fixes several security bugs
Date: Wed, 13 Jul 2005 09:22:23 +0200
Package: mozilla-firefox
Version: 1.0.4-3
Severity: grave
Tags: security
Justification: user security hole

Firefox 1.0.5 fixes several security bugs, two of them rated critical.
Unfortunately, details for these bugs are embargoed until at least July
20, 2005, so no details so far.

http://www.mozilla.org/projects/security/known-vulnerabilities.html#Firefox



Information forwarded to debian-bugs-dist@lists.debian.org, ssb22@cam.ac.uk, Eric Dorland <eric@debian.org>:
Bug#318061; Package mozilla-firefox. Full text and rfc822 format available.

Acknowledgement sent to "Silas S. Brown" <ssb22@cam.ac.uk>:
Extra info received and forwarded to list. Copy sent to ssb22@cam.ac.uk, Eric Dorland <eric@debian.org>. Full text and rfc822 format available.

Message #10 received at 318061@bugs.debian.org (full text, mbox):

From: "Silas S. Brown" <ssb22@cam.ac.uk>
To: Debian Bug Tracking System <318061@bugs.debian.org>
Subject: mozilla-firefox: There appears to be more information now
Date: Wed, 13 Jul 2005 09:11:14 +0100
Package: mozilla-firefox
Version: 1.0.4-2
Followup-For: Bug #318061


It seems that a little more information has appeared on that
page now.  "Code execution through shared function objects"
sounds scary.

Why not simply backport 1.0.5?  I can't see any major
difference between 1.0.4 and 1.0.5 except for these security
problems.  The same goes for all future security updates
they put out (as long as they're only security updates).
Alternatively, is there a simple way of providing an option
to run Firefox in a sandbox, so it can't touch your home
directory and its settings are restored after each session?
(Not restored to factory defaults, but restored as you want
them.)  That would mitigate most of the risk, although there
might be some stack-smashing bug that allows trojan sites to
execute arbitrary machine code and potentially break out of
the sandbox by exploiting a 'suid' vulnerability.

-- System Information:
Debian Release: 3.1
Architecture: i386 (i686)
Kernel: Linux 2.4.23
Locale: LANG=en_GB, LC_CTYPE=en_GB (charmap=ISO-8859-1) (ignored: LC_ALL set to en_GB)

Versions of packages mozilla-firefox depends on:
ii  debianutils            2.8.4             Miscellaneous utilities specific t
ii  fontconfig             2.3.1-2           generic font configuration library
ii  libatk1.0-0            1.8.0-4           The ATK accessibility toolkit
ii  libc6                  2.3.2.ds1-22      GNU C Library: Shared libraries an
ii  libfontconfig1         2.3.1-2           generic font configuration library
ii  libfreetype6           2.1.7-2.4         FreeType 2 font engine, shared lib
ii  libgcc1                1:3.4.3-13        GCC support library
ii  libglib2.0-0           2.6.4-1           The GLib library of C routines
ii  libgtk2.0-0            2.6.4-3           The GTK+ graphical user interface 
ii  libidl0                0.8.5-1           library for parsing CORBA IDL file
ii  libjpeg62              6b-10             The Independent JPEG Group's JPEG 
ii  libkrb53               1.3.6-2           MIT Kerberos runtime libraries
ii  libpango1.0-0          1.8.1-1           Layout and rendering of internatio
ii  libpng12-0             1.2.8rel-1        PNG library - runtime
ii  libstdc++5             1:3.3.5-13        The GNU Standard C++ Library v3
ii  libx11-6               4.3.0.dfsg.1-14   X Window System protocol client li
ii  libxext6               4.3.0.dfsg.1-14   X Window System miscellaneous exte
ii  libxft2                2.1.7-1           FreeType-based font drawing librar
ii  libxp6                 4.3.0.dfsg.1-14   X Window System printing extension
ii  libxt6                 4.3.0.dfsg.1-14   X Toolkit Intrinsics
ii  psmisc                 21.5-1            Utilities that use the proc filesy
ii  xlibs                  4.3.0.dfsg.1-14   X Keyboard Extension (XKB) configu
ii  zlib1g                 1:1.2.2-4.sarge.1 compression library - runtime

-- no debconf information



Information forwarded to debian-bugs-dist@lists.debian.org, Eric Dorland <eric@debian.org>:
Bug#318061; Package mozilla-firefox. Full text and rfc822 format available.

Acknowledgement sent to Vincent Lefevre <vincent@vinc17.org>:
Extra info received and forwarded to list. Copy sent to Eric Dorland <eric@debian.org>. Full text and rfc822 format available.

Message #15 received at 318061@bugs.debian.org (full text, mbox):

From: Vincent Lefevre <vincent@vinc17.org>
To: "Silas S. Brown" <ssb22@cam.ac.uk>
Cc: Debian Bug Tracking System <318061@bugs.debian.org>
Subject: Re: mozilla-firefox: There appears to be more information now
Date: Wed, 13 Jul 2005 13:09:11 +0200
On 2005-07-13 09:11:14 +0100, Silas S. Brown wrote:
> Why not simply backport 1.0.5? I can't see any major difference
> between 1.0.4 and 1.0.5 except for these security problems.

In addition to these security problems, an important performance
regression concerning form inputs seems to have been fixed in
Firefox 1.0.5. See

  https://bugzilla.mozilla.org/show_bug.cgi?id=291278

(I just hope that this fix is not just for Windows). So, a backport
would really be fine.

-- 
Vincent Lefèvre <vincent@vinc17.org> - Web: <http://www.vinc17.org/>
100% accessible validated (X)HTML - Blog: <http://www.vinc17.org/blog/>
Work: CR INRIA - computer arithmetic / SPACES project at LORIA



Reply sent to Eric Dorland <eric@debian.org>:
You have taken responsibility. Full text and rfc822 format available.

Notification sent to Florian Weimer <fw@deneb.enyo.de>:
Bug acknowledged by developer. Full text and rfc822 format available.

Message #20 received at 318061-close@bugs.debian.org (full text, mbox):

From: Eric Dorland <eric@debian.org>
To: 318061-close@bugs.debian.org
Subject: Bug#318061: fixed in mozilla-firefox 1.0.5-1
Date: Sat, 16 Jul 2005 03:17:42 -0400
Source: mozilla-firefox
Source-Version: 1.0.5-1

We believe that the bug you reported is fixed in the latest version of
mozilla-firefox, which is due to be installed in the Debian FTP archive:

mozilla-firefox-dom-inspector_1.0.5-1_i386.deb
  to pool/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.5-1_i386.deb
mozilla-firefox-gnome-support_1.0.5-1_i386.deb
  to pool/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.5-1_i386.deb
mozilla-firefox_1.0.5-1.diff.gz
  to pool/main/m/mozilla-firefox/mozilla-firefox_1.0.5-1.diff.gz
mozilla-firefox_1.0.5-1.dsc
  to pool/main/m/mozilla-firefox/mozilla-firefox_1.0.5-1.dsc
mozilla-firefox_1.0.5-1_i386.deb
  to pool/main/m/mozilla-firefox/mozilla-firefox_1.0.5-1_i386.deb
mozilla-firefox_1.0.5.orig.tar.gz
  to pool/main/m/mozilla-firefox/mozilla-firefox_1.0.5.orig.tar.gz



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 318061@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Eric Dorland <eric@debian.org> (supplier of updated mozilla-firefox package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Sat, 16 Jul 2005 00:43:54 -0400
Source: mozilla-firefox
Binary: mozilla-firefox mozilla-firefox-gnome-support mozilla-firefox-dom-inspector
Architecture: source i386
Version: 1.0.5-1
Distribution: unstable
Urgency: high
Maintainer: Eric Dorland <eric@debian.org>
Changed-By: Eric Dorland <eric@debian.org>
Description: 
 mozilla-firefox - lightweight web browser based on Mozilla
 mozilla-firefox-dom-inspector - tool for inspecting the DOM of pages in Mozilla Firefox
 mozilla-firefox-gnome-support - Support for Gnome in Mozilla Firefox
Closes: 314243 318061
Changes: 
 mozilla-firefox (1.0.5-1) unstable; urgency=high
 .
   * New upstream release, fixes security issues. (Closes: #318061)
   * debian/rules: Disable freetype in the build for the time being. This
     *might* break printing in some cases.
   * gfx/idl/nsIFreeType2.idl, gfx/src/freetype/nsFreeType.cpp,
     gfx/src/freetype/nsFreeType.h, gfx/src/ps/nsFontMetricsPS.cpp,
     gfx/src/ps/nsFontMetricsPS.h, gfx/src/x11shared/nsFontFreeType.cpp,
     gfx/src/x11shared/nsFontFreeType.h,
     layout/svg/renderer/src/libart/nsSVGLibartGlyphMetricsFT.cpp: Patch
     from bz#234035 to try to get building with the new freetype. (Closes:
     #314243)
Files: 
 637116f25bb7fea44eb4bbdb1e9c7788 989 web optional mozilla-firefox_1.0.5-1.dsc
 8aeb80f20827c168cf6d181c79254eb5 40216288 web optional mozilla-firefox_1.0.5.orig.tar.gz
 40821248d3f3c3537b48db41c1799690 229779 web optional mozilla-firefox_1.0.5-1.diff.gz
 55ca32c233b3d545cf1f6d15a5cbf004 7618868 web optional mozilla-firefox_1.0.5-1_i386.deb
 44a7f88df49bc599674e51b27fcab312 154512 web optional mozilla-firefox-dom-inspector_1.0.5-1_i386.deb
 163f982236fa284a3a4a76bbcb3a96a4 52300 web optional mozilla-firefox-gnome-support_1.0.5-1_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFC2K7dYemOzxbZcMYRAt3hAJ9HLyT7oZD1/4CWkGZYvYlk/WonTQCfU6JY
PHAxguqOuMvBhOYPRwqHeU0=
=Fuyo
-----END PGP SIGNATURE-----




Information forwarded to debian-bugs-dist@lists.debian.org, Eric Dorland <eric@debian.org>:
Bug#318061; Package mozilla-firefox. Full text and rfc822 format available.

Acknowledgement sent to Florian Weimer <fw@deneb.enyo.de>:
Extra info received and forwarded to list. Copy sent to Eric Dorland <eric@debian.org>. Full text and rfc822 format available.

Message #25 received at 318061@bugs.debian.org (full text, mbox):

From: Florian Weimer <fw@deneb.enyo.de>
To: 318061@bugs.debian.org
Cc: control@bugs.debian.org
Subject: Re: Bug#318061 acknowledged by developer (Bug#318061: fixed in mozilla-firefox 1.0.5-1)
Date: Sat, 16 Jul 2005 09:52:38 +0200
reopen 318061
tag 318061 sarge
thanks

>    * New upstream release, fixes security issues. (Closes: #318061)

Bug is still present in sarge.



Bug reopened, originator not changed. Request was from Florian Weimer <fw@deneb.enyo.de> to control@bugs.debian.org. Full text and rfc822 format available.

Tags added: sarge Request was from Florian Weimer <fw@deneb.enyo.de> to control@bugs.debian.org. Full text and rfc822 format available.

Tags added: etch Request was from Willi Mann <willi@wm1.at> to control@bugs.debian.org. Full text and rfc822 format available.

Bug marked as fixed in version 1.0.5-1, send any further explanations to Florian Weimer <fw@deneb.enyo.de> Request was from Mike Hommey <mh@glandium.org> to control@bugs.debian.org. Full text and rfc822 format available.

Bug marked as fixed in version 1.0.99+deerpark-alpha2-1, send any further explanations to Florian Weimer <fw@deneb.enyo.de> Request was from Mike Hommey <mh@glandium.org> to control@bugs.debian.org. Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Eric Dorland <eric@debian.org>:
Bug#318061; Package mozilla-firefox. Full text and rfc822 format available.

Acknowledgement sent to Mikko Rapeli <mikko.rapeli@iki.fi>:
Extra info received and forwarded to list. Copy sent to Eric Dorland <eric@debian.org>. Full text and rfc822 format available.

Message #40 received at 318061@bugs.debian.org (full text, mbox):

From: Mikko Rapeli <mikko.rapeli@iki.fi>
To: 318061@bugs.debian.org
Subject: Please provide mozilla-firefox 1.0.6 for Sarge
Date: Mon, 01 Aug 2005 16:20:30 +0300
Having spent hours reading the discussions, hopefully this link to patch
making 1.0.6 compile on Sarge helps -- even if just a small, tiny bit:

http://lists.debian.org/debian-security/2005/07/msg00305.html

And next the same thing for thunderbird and mozilla...

-Mikko



Information forwarded to debian-bugs-dist@lists.debian.org, Eric Dorland <eric@debian.org>:
Bug#318061; Package mozilla-firefox. Full text and rfc822 format available.

Acknowledgement sent to Mikko Rapeli <mikko.rapeli@iki.fi>:
Extra info received and forwarded to list. Copy sent to Eric Dorland <eric@debian.org>. Full text and rfc822 format available.

Message #45 received at 318061@bugs.debian.org (full text, mbox):

From: Mikko Rapeli <mikko.rapeli@iki.fi>
To: 318061@bugs.debian.org
Subject: Re: Please provide mozilla-firefox 1.0.6 for Sarge
Date: Tue, 02 Aug 2005 13:31:10 +0300
On Mon, Aug 01, 2005 at 04:20:28PM +0300, Mikko Rapeli wrote:
> Having spent hours reading the discussions, hopefully this link to patch
> making 1.0.6 compile on Sarge helps -- even if just a small, tiny bit:
> 
> http://lists.debian.org/debian-security/2005/07/msg00305.html

Apparently this patch is not needed. Renaming the mozilla source package
and uupdate'ing from 1.0.4 in Sarge requires only this additional patch
after original patch from 1.0.4 failed (no idea what it really does though, just
copied the functionality). Compiles, installs and runs well in Sarge.

-Mikko

--- netwerk/protocol/http/src/nsHttpHandler.cpp-original	2005-08-02 09:40:59.000000000 +0300
+++ netwerk/protocol/http/src/nsHttpHandler.cpp	2005-08-02 09:41:04.000000000 +0300
@@ -669,30 +669,6 @@
     if (ret >= 0) {
         nsCString buf;  
         buf =  (char*)name.sysname;
-#ifdef AIX
-        buf += ' ';
-        // AIX uname returns machine specific info in the uname.machine
-        // field and does not return the cpu type like other platforms.
-        // We use the AIX version and release numbers instead.
-        buf += (char*)name.version;
-        buf += '.';
-        buf += (char*)name.release;
-#else
-        if (strcmp(name.machine, "x86_64") == 0 &&
-            sizeof(long) == sizeof(PRInt32)) {
-            // We're running 32-bit code on x86_64. Make this browser
-            // look like it's running on i686 hardware, but append "
-            // (x86_64)" to the end of the oscpu identifier to be able
-            // to differentiate this from someone running 64-bit code
-            // on x86_64..
-
-            buf += " i686 (x86_64)";
-        } else {
-            buf += ' ';
-
-            buf += (char*)name.machine;
-        }
-#endif
         mOscpu.Assign(buf);
     }
 #endif



Reply sent to Eric Dorland <eric@debian.org>:
You have taken responsibility. Full text and rfc822 format available.

Notification sent to Florian Weimer <fw@deneb.enyo.de>:
Bug acknowledged by developer. Full text and rfc822 format available.

Message #50 received at 318061-close@bugs.debian.org (full text, mbox):

From: Eric Dorland <eric@debian.org>
To: 318061-close@bugs.debian.org
Subject: Bug#318061: fixed in mozilla-firefox 1.0.4-2sarge2
Date: Sat, 20 Aug 2005 06:47:15 -0700
Source: mozilla-firefox
Source-Version: 1.0.4-2sarge2

We believe that the bug you reported is fixed in the latest version of
mozilla-firefox, which is due to be installed in the Debian FTP archive:

mozilla-firefox-dom-inspector_1.0.4-2sarge2_i386.deb
  to pool/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge2_i386.deb
mozilla-firefox-gnome-support_1.0.4-2sarge2_i386.deb
  to pool/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge2_i386.deb
mozilla-firefox_1.0.4-2sarge2.diff.gz
  to pool/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge2.diff.gz
mozilla-firefox_1.0.4-2sarge2.dsc
  to pool/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge2.dsc
mozilla-firefox_1.0.4-2sarge2_i386.deb
  to pool/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge2_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 318061@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Eric Dorland <eric@debian.org> (supplier of updated mozilla-firefox package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Fri, 12 Aug 2005 19:52:58 -0400
Source: mozilla-firefox
Binary: mozilla-firefox mozilla-firefox-gnome-support mozilla-firefox-dom-inspector
Architecture: source i386
Version: 1.0.4-2sarge2
Distribution: stable-security
Urgency: critical
Maintainer: Eric Dorland <eric@debian.org>
Changed-By: Eric Dorland <eric@debian.org>
Description: 
 mozilla-firefox - lightweight web browser based on Mozilla
 mozilla-firefox-dom-inspector - tool for inspecting the DOM of pages in Mozilla Firefox
 mozilla-firefox-gnome-support - Support for Gnome in Mozilla Firefox
Closes: 318061
Changes: 
 mozilla-firefox (1.0.4-2sarge2) stable-security; urgency=critical
 .
   * Fixes for various security vulnerabilities. (Closes: #318061)
   * The previous (unreleased) version fixes MFSA2005-51: "The return of
     frame-injection spoofing" aka CAN-2005-1937, which is really just the
     return of CAN-2004-0718.
   * accessible/src/base/nsBaseWidgetAccessible.cpp,
     content/base/public/nsContentUtils.h,
     content/base/src/nsContentUtils.cpp, content/base/src/nsDocument.cpp,
     content/base/src/nsDocument.h, content/base/src/nsDocumentViewer.cpp,
     content/base/src/nsGenericDOMDataNode.cpp,
     content/base/src/nsGenericElement.cpp,
     content/base/src/nsGenericElement.h,
     content/base/src/nsImageLoadingContent.cpp,
     content/base/src/nsSelection.cpp,
     content/events/public/nsIEventListenerManager.h,
     content/events/public/nsIPrivateDOMEvent.h,
     content/events/public/nsMutationEvent.h,
     content/events/src/nsDOMEvent.cpp,
     content/events/src/nsEventListenerManager.cpp,
     content/events/src/nsEventListenerManager.h,
     content/events/src/nsEventStateManager.cpp,
     content/html/content/src/nsGenericHTMLElement.cpp,
     content/html/content/src/nsHTMLButtonElement.cpp,
     content/html/content/src/nsHTMLFormElement.cpp,
     content/html/content/src/nsHTMLInputElement.cpp,
     content/html/content/src/nsHTMLScriptElement.cpp,
     content/html/content/src/nsHTMLSelectElement.cpp,
     content/html/content/src/nsHTMLTextAreaElement.cpp,
     content/svg/content/src/nsSVGElement.cpp,
     content/xbl/src/nsXBLBinding.cpp, content/xbl/src/nsXBLBinding.h,
     content/xbl/src/nsXBLPrototypeHandler.cpp,
     content/xml/content/src/nsXMLElement.cpp,
     content/xml/document/src/nsXMLDocument.cpp,
     content/xul/content/src/nsXULElement.cpp,
     content/xul/document/src/nsXULCommandDispatcher.cpp,
     content/xul/document/src/nsXULDocument.cpp,
     dom/public/idl/events/Makefile.in, dom/src/base/nsDOMClassInfo.cpp,
     dom/src/base/nsDOMClassInfo.h, dom/src/base/nsGlobalWindow.cpp,
     dom/src/base/nsGlobalWindow.h, dom/src/base/nsJSEnvironment.cpp,
     dom/src/base/nsWindowRoot.cpp, dom/src/base/nsWindowRoot.h,
     extensions/xmlextras/base/src/nsXMLHttpRequest.cpp,
     layout/html/base/src/nsGfxScrollFrame.cpp,
     layout/html/base/src/nsObjectFrame.cpp,
     layout/html/base/src/nsPresShell.cpp,
     layout/html/forms/public/nsIFormControlFrame.h,
     layout/html/forms/src/nsComboboxControlFrame.cpp,
     layout/html/forms/src/nsComboboxControlFrame.h,
     layout/html/forms/src/nsFileControlFrame.h,
     layout/html/forms/src/nsFormControlFrame.cpp,
     layout/html/forms/src/nsFormControlFrame.h,
     layout/html/forms/src/nsGfxButtonControlFrame.cpp,
     layout/html/forms/src/nsHTMLButtonControlFrame.cpp,
     layout/html/forms/src/nsHTMLButtonControlFrame.h,
     layout/html/forms/src/nsImageControlFrame.cpp,
     layout/html/forms/src/nsListControlFrame.cpp,
     layout/html/forms/src/nsListControlFrame.h,
     layout/html/forms/src/nsTextControlFrame.cpp,
     layout/html/forms/src/nsTextControlFrame.h,
     layout/xul/base/src/nsBoxFrame.cpp,
     layout/xul/base/src/nsButtonBoxFrame.cpp,
     layout/xul/base/src/nsButtonBoxFrame.h,
     layout/xul/base/src/nsImageBoxFrame.cpp,
     layout/xul/base/src/nsMenuFrame.cpp,
     layout/xul/base/src/nsPopupSetFrame.cpp,
     layout/xul/base/src/nsResizerFrame.cpp,
     layout/xul/base/src/nsResizerFrame.h,
     layout/xul/base/src/nsScrollBoxFrame.cpp,
     layout/xul/base/src/nsScrollbarButtonFrame.cpp,
     layout/xul/base/src/nsTitleBarFrame.cpp,
     layout/xul/base/src/nsTitleBarFrame.h,
     layout/xul/base/src/tree/src/nsTreeBodyFrame.cpp,
     layout/xul/base/src/tree/src/nsTreeSelection.cpp,
     toolkit/components/satchel/src/nsFormFillController.cpp,
     view/public/nsIViewObserver.h, view/src/nsViewManager.cpp,
     webshell/public/nsILinkHandler.h, widget/public/nsEvent.h,
     widget/public/nsGUIEvent.h, widget/public/nsIEventListener.h,
     widget/public/nsIWidget.h, widget/src/beos/nsWindow.cpp,
     widget/src/cocoa/nsChildView.mm, widget/src/cocoa/nsCocoaWindow.mm,
     widget/src/cocoa/nsMenuBarX.cpp, widget/src/cocoa/nsMenuItemX.cpp,
     widget/src/cocoa/nsMenuX.cpp, widget/src/gtk/nsGtkEventHandler.cpp,
     widget/src/gtk/nsWidget.cpp, widget/src/gtk/nsWindow.cpp,
     widget/src/gtk2/nsCommonWidget.cpp, widget/src/gtk2/nsWindow.cpp,
     widget/src/mac/nsMacControl.cpp, widget/src/mac/nsMacEventHandler.cpp,
     widget/src/mac/nsMacWindow.cpp, widget/src/mac/nsMenuBarX.cpp,
     widget/src/mac/nsMenuX.cpp, widget/src/mac/nsWindow.cpp,
     widget/src/os2/nsFrameWindow.cpp, widget/src/os2/nsWindow.cpp,
     widget/src/photon/nsWidget.cpp, widget/src/photon/nsWidget.h,
     widget/src/photon/nsWindow.cpp,
     widget/src/windows/nsNativeDragTarget.cpp,
     widget/src/windows/nsWindow.cpp, widget/src/xlib/nsAppShell.cpp,
     widget/src/xlib/nsWidget.cpp, widget/src/xlib/nsWindow.cpp,
     xpfe/appshell/src/nsWebShellWindow.cpp,
     xpfe/appshell/src/nsXULWindow.cpp: Huge patch from bz#289940 to fix
     MFSA2005-45: "Content-generated event vulnerabilities" aka
     CAN-2005-2260.
   * content/base/src/nsContentUtils.cpp,
     dom/public/idl/events/nsIDOMNSEventTarget.idl: Fixes for the above
     patch.
   * content/xbl/src/nsXBLBinding.cpp: Patch from bz#292591 to fix
     MFSA2005-46: "XBL scripts ran even when Javascript disabled" aka
     CAN-2005-2261.
   * browser/base/content/browser.js,
     browser/base/content/setWallpaper.xul: Patch from bz#292737 to fix
     MFSA2005-47: "Code execution via "Set as Wallpaper"", aka
     CAN-2005-2262.
   * xpinstall/src/nsJSInstallTriggerGlobal.cpp,
     xpinstall/src/nsXPITriggerInfo.h, xpinstall/src/nsXPITriggerInfo.cpp:
     Patch from bz#293331 to fix MFSA2005-48: "Same-origin violation with
     InstallTrigger callback" aka CAN-2005-2263.
   * browser/base/content/browser.js: Patch from bz#294074 to fix
     MFSA2005-49: "Script injection from Firefox sidebar panel using
     data:" aka CAN-2005-2264.
   * xpinstall/src/nsJSInstall.cpp, xpinstall/src/nsJSWinProfile.cpp,
     xpinstall/src/nsJSInstallTriggerGlobal.cpp,
     xpinstall/src/nsJSInstallVersion.cpp, xpinstall/src/nsJSFile.cpp,
     xpinstall/src/nsJSWinReg.cpp, xpinstall/src/nsJSFileSpecObj.cpp:
     Patches from bz#295854 to fix MFSA2005-50: "Possibly exploitable crash
     in InstallVersion.compareTo" aka CAN-2005-2265.
   * content/html/document/src/nsHTMLDocument.cpp: Patch from bz#296830 to
     fix MFSA2005-52: " Same origin violation: frame calling top.focus()"
     aka CAN-2005-2266.
   * browser/base/content/browser.js, docshell/base/nsDocShell.cpp,
     docshell/base/nsDocShell.h, docshell/base/nsIDocShellLoadInfo.idl,
     docshell/base/nsIWebNavigation.idl: Patch from bz#298255 for
     MFSA2005-53: "Standalone applications can run arbitrary code through
     the browser" aka CAN-2005-2267.
   * dom/src/base/nsGlobalWindow.cpp: Patch from bz#298934 for MFSA2005-54:
     "Javascript prompt origin spoofing" aka CAN-2005-2268.
   * browser/base/content/browser.js,
     browser/base/content/utilityOverlay.js,
     toolkit/components/help/content/help.js,
     xpfe/communicator/resources/content/contentAreaUtils.js,
     xpfe/communicator/resources/content/contentAreaClick.js,
     xpfe/communicator/resources/content/nsContextMenu.js: Patches from
     bz#298892 to fix MFSA2005-55: "XHTML node spoofing" aka CAN-2005-2269.
   * js/src/xpconnect/src/XPCDispObject.cpp,
     js/src/xpconnect/src/XPCIDispatchExtension.cpp,
     js/src/xpconnect/src/xpccomponents.cpp,
     js/src/xpconnect/src/xpcjsruntime.cpp,
     js/src/xpconnect/src/xpcprivate.h,
     js/src/xpconnect/src/xpcwrappednativeinfo.cpp,
     js/src/xpconnect/src/xpcwrappednativejsops.cpp,
     js/src/xpconnect/src/xpcwrappednativescope.cpp: Patch from bz#294795
     to partially fix MFSA2005-56: "Code execution through shared function
     objects" aka CAN-2005-2270.
   * js/src/jsobj.c, js/src/jsregexp.c: Apply patches from bz#296397 to fix
     the rest of CAN-2005-2270.
Files: 
 a5cf2fc8bc04662e6c192c15666011e4 1001 web optional mozilla-firefox_1.0.4-2sarge2.dsc
 45e66f5ddde0d5c016fd15268da0e522 285974 web optional mozilla-firefox_1.0.4-2sarge2.diff.gz
 54e66239bff8195d09a76a8b0c65e096 8887610 web optional mozilla-firefox_1.0.4-2sarge2_i386.deb
 e40d4387cdf627df5706e8a83f39640d 156664 web optional mozilla-firefox-dom-inspector_1.0.4-2sarge2_i386.deb
 3bc7062690df1334a92eeeae36819ea0 53906 web optional mozilla-firefox-gnome-support_1.0.4-2sarge2_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFC/xY+W5ql+IAeqTIRAicxAJ4jEgpSE78a9TMj+Ak4n/QFdAyjMACePcBj
U8CHa7WKezKU59a8iNp8Q4o=
=yf3x
-----END PGP SIGNATURE-----




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Tue, 26 Jun 2007 02:53:47 GMT) Full text and rfc822 format available.

Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Thu Apr 17 00:27:58 2014; Machine Name: beach.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.