lp:ubuntu/breezy-security/firefox
- Get this branch:
- bzr branch lp:ubuntu/breezy-security/firefox
Branch merges
Branch information
Recent revisions
- 10. By Alexander Sack
-
* New upstream stability and security update
* MFSA2007-11 aka CVE-2007-1562: FTP PASV port-scanning - 9. By Alexander Sack
-
* New upstream security update:
* MFSA2007-01 - Crashes with evidence of memory corruption
(rv:1.8.0.10/ 1.8.1.2) :
- CVE-2007-0775 - layout engine crashes
- CVE-2007-0776 - SVG
- CVE-2007-0777 - javascript engine corruption
* MFSA2007-02 - Improvements to help protect against Cross-Site
Scripting attacks:
- CVE-2007-0995 - Invalid trailing characters in HTML tag attributes
- CVE-2007-0996 - Child frame character set inheritance
- CVE-2006-6077 - Injected password forms
* MFSA2007-03 aka CVE-2007-0778: Information disclosure through cache
collisions
* MFSA2007-04 aka CVE-2007-0779: Spoofing using custom cursor and CSS3
hotspot
* MFSA2007-05 aka CVE-2007-0780, CVE-2007-0800: XSS and local file access
by opening blocked popups
* MFSA2007-06 aka CVE-2007-0008, CVE-2007-0009: Mozilla Network Security
Services (NSS) SSLv2 buffer overflow
* MFSA2007-07 aka CVE-2007-0981: Embedded nulls in location.hostname
confuse same-domain checks
* security/nss/lib/ freebl/ unix_rand. c: drop no-netstat on linux patch, as
this is now dealt with by #ifdef DO_NETSTAT
* toolkit/components/ passwordmgr/ base/nsPassword Manager. cpp: adapt to
changes in underlying codebase
* security/coreconf/ rules.mk: some ppc64 code has been applied upstream;
dropping our patch. - 8. By Kees Cook
-
toolkit/
components/ passwordmgr/ base/nsPassword Manager. cpp: Regression
fix for crashes on auto-filling forms without usernames (Closes LP#77859). - 7. By Kees Cook
-
* New upstream security update:
- CVE-2006-6504, MFSA 2006-73: SVG Processing Remote Code Execution.
- CVE-2006-6503, MFSA 2006-72: XSS by setting img.src to javascript: URI.
- CVE-2006-6502, MFSA 2006-71: LiveConnect crash finalizing JS objects.
- CVE-2006-6501, MFSA 2006-70: Privilege escallation using watch point.
- CVE-2006-6497, CVE-2006-6498, CVE-2006-6499, MFSA 2006-68: Crashes
with evidence of memory corruption. - 6. By Martin Pitt
-
* New upstream security update:
- CVE-2006-5463, MFSA 2006-67: Running Script can be recompiled.
- CVE-2006-5462, MFSA 2006-66: RSA signature forgery (variant).
- CVE-2006-5464, CVE-2006-5747, CVE-2006-5748, MFSA 2006-65: Crashes with
evidence of memory corruption. - 5. By Ian Jackson
-
* Backported Firefox 1.5 to Breezy for security support,
using new upstream version 1.5.0.7 (tarball from Debian).
* Removed references to FC_ANY_METRICS.
* libnspr and libnss packages not shipped from here in Breezy; leave
those libraries in /usr/lib/firefox and adjust .pc files accordingly.
* Do not provide firefox-dbg.
* Completely disable `mstone' homepage override feature. - 4. By Ian Jackson
-
Security fix from Eric Dorland:
* content/
xul/templates/ src/nsXULConten tUtils. cpp,
content/xul/templates/ src/nsXULSortSe rvice.cpp: A couple of patches
from Alexander Sack to fix regressions caused by the previous security
fixes.All security fixes prepared by Alexander Sack:
* js/src/jsfun.c, js/src/jsinterp.c,
netwerk/base/src/ nsProxyAutoConf ig.js: Fix for CVE-2006-2787, aka
mfsa2006-31.
* netwerk/protocol/ http/src/ nsHttp. cpp,
netwerk/protocol/ http/src/ nsHttp. h,
netwerk/protocol/ http/src/ nsHttpChannel. cpp,
netwerk/protocol/ http/src/ nsHttpHeaderArr ay.cpp,
netwerk/protocol/ http/src/ nsHttpTransacti on.cpp: Fix for
CVE-2006-2786, aka mfsa2006-33.
* browser/base/content/ browser. js,
xpfe/browser/ resources/ content/ nsBrowserStatus Handler. js,
xpfe/communicator/ resources/ content/ nsContextMenu. js,
xpfe/communicator/ resources/ content/ utilityOverlay. js: Fix for "XSS
viewing javascript: frames or images from context menu", CVE-2006-2785
aka mfsa2006-34.
* content/xul/document/ src/nsXULDocume nt.cpp,
content/xul/templates/ src/nsXULConten tUtils. cpp,
content/xul/templates/ src/nsXULConten tUtils. h,
content/xul/templates/ src/nsXULSortSe rvice.cpp: Fix for "Privilege
escalation through XUL persist", CVE-2006-2775 aka mfsa2006-35.
* caps/src/nsScriptSecurit yManager. cpp: Fix for "PLUGINSPAGE privileged
JavaScript execution II", CVE-2006-2784 aka mfsa2006-36.
* dom/src/base/nsDOMClass Info.cpp, dom/src/ base/nsGlobalWi ndow.cpp: Fix
for "Remote compromise via content-defined setter on object
prototypes", CVE-2006-2776 aka mfsa2006-37.
* security/manager/ ssl/src/ nsCrypto. cpp: Fix for "Buffer overflow in
crypto.signText( )", CVE-2006-2778 aka mfsa2006-38.
* browser/base/content/ contentAreaUtil s.js,
caps/src/nsScriptSec urityManager. cpp: Fix for ""View Image" local
resource linking (Windows)", CVE-2006-1942 aka mfsa2006-39.
* content/html/content/ public/ Makefile. in,
content/html/content/ public/ nsIFileControlE lement. h,
content/html/content/ src/nsHTMLInput Element. cpp,
content/shared/ public/ nsHTMLAtomList. h,
layout/html/forms/ src/nsFileContr olFrame. cpp,
layout/html/forms/ src/nsFileContr olFrame. h: Fix for "File stealing by
changing input type (variant)", CVE-2006-2782 aka mfsa2006-41.
* intl/uconv/src/nsUTF8ToUni code.cpp, intl/uconv/ src/nsUTF8ToUni code.h:
Fix for " Web site XSS using BOM on UTF-8 pages", CVE-2006-2783 aka
mfsa2006-42.
* modules/libpref/ src/init/ all.js: Fix for "Privilege escalation using
addSelectionListener" , CVE-2006-2777 aka mfsa2006-43. * content/
base/public/ nsContentUtils. h,
content/base/src/ nsContentUtils. cpp,
content/xul/templates/ src/nsXULTreeBu ilder.cpp,
layout/xul/base/ src/tree/ public/ nsITreeView. idl,
layout/xul/base/ src/tree/ src/nsTreeBoxOb ject.cpp,
layout/xul/base/ src/tree/ src/nsTreeConte ntView. h,
content/base/src/ nsDocument. cpp, layout/ xul/base/ src/nsBoxObject .cpp,
content/html/document/ src/nsHTMLConte ntSink. cpp, js/src/jsstr.c,
content/xbl/src/ nsXBLProtoImplP roperty. cpp: Various patches for
CVE-2006-2779 and CVE-2006-2780 aka mfsa2006-32. Note that this fix is
incomplete, and is missing the fixes from bz#324918, bz#325730 and
bz#329982 - 3. By Martin Pitt
-
* New upstream release which fixes the following vulnerabilities:
- MFSA 2006-25, CVE-2006-1727: Privilege escalation through Print Preview
- MFSA 2006-24, CVE-2006-1728: Privilege escalation using
crypto.generateCRMFReq uest
- MFSA 2006-23, CVE-2006-1729: File stealing by changing input type
- MFSA 2006-22, CVE-2006-1730: CSS Letter-Spacing Heap Overflow
Vulnerability
- MFSA 2006-19, CVE-2006-1731: Cross-site scripting using .valueOf.call()
- MFSA 2006-18, CVE-2006-0749: Mozilla Firefox Tag Order Vulnerability
- MFSA 2006-17, CVE-2006-1732: cross-site scripting through
window.controllers
- MFSA 2006-16, CVE-2006-1733: Accessing XBL compilation scope via
valueOf.call()
- MFSA 2006-15, CVE-2006-1734: Privilege escalation using a JavaScript
function's cloned parent
- MFSA 2006-14, CVE-2006-1735: Privilege escalation via XBL.method.eval
- MFSA 2006-13, CVE-2006-1736: Downloading executables with "Save Image
As..."
- MFSA 2006-12, CVE-2006-1740: Secure-site spoof (requires security
warning dialog)
- MFSA 2006-11, CVE-2006-1737, CVE-2006-1738, CVE-2006-1739,
CVE-2006-1790: Crashes with evidence of memory corruption (rv:1.8)
- MFSA 2006-10, CVE-2006-1742: JavaScript garbage-collection hazard audit
- MFSA 2006-09, CVE-2006-1741: Cross-site JavaScript injection using event
handlers
- MFSA 2006-05, CVE-2006-0296: Localstore.rdf XML injection through
XULDocument.persist( )
- MFSA 2006-03, CVE-2005-4134: Long document title causes startup denial
of Service
- MFSA 2006-01, CVE-2006-0292: JavaScript garbage-collection hazards
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)