lp:ubuntu/breezy-security/firefox

Created by James Westby and last modified
Get this branch:
bzr branch lp:ubuntu/breezy-security/firefox

Branch information

Owner: Ubuntu branches
Review team: Ubuntu Development Team
Status: Development

Recent revisions

10. By Alexander Sack

* New upstream stability and security update
* MFSA2007-11 aka CVE-2007-1562: FTP PASV port-scanning

9. By Alexander Sack

* New upstream security update:
* MFSA2007-01 - Crashes with evidence of memory corruption
  (rv:1.8.0.10/1.8.1.2):
   - CVE-2007-0775 - layout engine crashes
   - CVE-2007-0776 - SVG
   - CVE-2007-0777 - javascript engine corruption
* MFSA2007-02 - Improvements to help protect against Cross-Site
  Scripting attacks:
   - CVE-2007-0995 - Invalid trailing characters in HTML tag attributes
   - CVE-2007-0996 - Child frame character set inheritance
   - CVE-2006-6077 - Injected password forms
* MFSA2007-03 aka CVE-2007-0778: Information disclosure through cache
  collisions
* MFSA2007-04 aka CVE-2007-0779: Spoofing using custom cursor and CSS3
  hotspot
* MFSA2007-05 aka CVE-2007-0780, CVE-2007-0800: XSS and local file access
  by opening blocked popups
* MFSA2007-06 aka CVE-2007-0008, CVE-2007-0009: Mozilla Network Security
  Services (NSS) SSLv2 buffer overflow
* MFSA2007-07 aka CVE-2007-0981: Embedded nulls in location.hostname
  confuse same-domain checks
* security/nss/lib/freebl/unix_rand.c: drop no-netstat on linux patch, as
  this is now dealt with by #ifdef DO_NETSTAT
* toolkit/components/passwordmgr/base/nsPasswordManager.cpp: adapt to
  changes in underlying codebase
* security/coreconf/rules.mk: some ppc64 code has been applied upstream;
  dropping our patch.

8. By Kees Cook

toolkit/components/passwordmgr/base/nsPasswordManager.cpp: Regression
fix for crashes on auto-filling forms without usernames (Closes LP#77859).

7. By Kees Cook

* New upstream security update:
  - CVE-2006-6504, MFSA 2006-73: SVG Processing Remote Code Execution.
  - CVE-2006-6503, MFSA 2006-72: XSS by setting img.src to javascript: URI.
  - CVE-2006-6502, MFSA 2006-71: LiveConnect crash finalizing JS objects.
  - CVE-2006-6501, MFSA 2006-70: Privilege escalation using watch point.
  - CVE-2006-6497, CVE-2006-6498, CVE-2006-6499, MFSA 2006-68: Crashes
    with evidence of memory corruption.

6. By Martin Pitt

* New upstream security update:
 - CVE-2006-5463, MFSA 2006-67: Running Script can be recompiled.
 - CVE-2006-5462, MFSA 2006-66: RSA signature forgery (variant).
 - CVE-2006-5464, CVE-2006-5747, CVE-2006-5748, MFSA 2006-65: Crashes with
   evidence of memory corruption.

5. By Ian Jackson

* Backported Firefox 1.5 to Breezy for security support,
  using new upstream version 1.5.0.7 (tarball from Debian).
* Removed references to FC_ANY_METRICS.
* libnspr and libnss packages not shipped from here in Breezy; leave
  those libraries in /usr/lib/firefox and adjust .pc files accordingly.
* Do not provide firefox-dbg.
* Completely disable `mstone' homepage override feature.

4. By Ian Jackson

Security fix from Eric Dorland:

* content/xul/templates/src/nsXULContentUtils.cpp,
  content/xul/templates/src/nsXULSortService.cpp: A couple of patches
  from Alexander Sack to fix regressions caused by the previous security
  fixes.

All security fixes prepared by Alexander Sack:

* js/src/jsfun.c, js/src/jsinterp.c,
  netwerk/base/src/nsProxyAutoConfig.js: Fix for CVE-2006-2787, aka
  mfsa2006-31.
* netwerk/protocol/http/src/nsHttp.cpp,
  netwerk/protocol/http/src/nsHttp.h,
  netwerk/protocol/http/src/nsHttpChannel.cpp,
  netwerk/protocol/http/src/nsHttpHeaderArray.cpp,
  netwerk/protocol/http/src/nsHttpTransaction.cpp: Fix for
  CVE-2006-2786, aka mfsa2006-33.
* browser/base/content/browser.js,
  xpfe/browser/resources/content/nsBrowserStatusHandler.js,
  xpfe/communicator/resources/content/nsContextMenu.js,
  xpfe/communicator/resources/content/utilityOverlay.js: Fix for "XSS
  viewing javascript: frames or images from context menu", CVE-2006-2785
  aka mfsa2006-34.
* content/xul/document/src/nsXULDocument.cpp,
  content/xul/templates/src/nsXULContentUtils.cpp,
  content/xul/templates/src/nsXULContentUtils.h,
  content/xul/templates/src/nsXULSortService.cpp: Fix for "Privilege
  escalation through XUL persist", CVE-2006-2775 aka mfsa2006-35.
* caps/src/nsScriptSecurityManager.cpp: Fix for "PLUGINSPAGE privileged
  JavaScript execution II", CVE-2006-2784 aka mfsa2006-36.
* dom/src/base/nsDOMClassInfo.cpp, dom/src/base/nsGlobalWindow.cpp: Fix
  for "Remote compromise via content-defined setter on object
  prototypes", CVE-2006-2776 aka mfsa2006-37.
* security/manager/ssl/src/nsCrypto.cpp: Fix for "Buffer overflow in
  crypto.signText()", CVE-2006-2778 aka mfsa2006-38.
* browser/base/content/contentAreaUtils.js,
  caps/src/nsScriptSecurityManager.cpp: Fix for ""View Image" local
  resource linking (Windows)", CVE-2006-1942 aka mfsa2006-39.
* content/html/content/public/Makefile.in,
  content/html/content/public/nsIFileControlElement.h,
  content/html/content/src/nsHTMLInputElement.cpp,
  content/shared/public/nsHTMLAtomList.h,
  layout/html/forms/src/nsFileControlFrame.cpp,
  layout/html/forms/src/nsFileControlFrame.h: Fix for "File stealing by
  changing input type (variant)", CVE-2006-2782 aka mfsa2006-41.
* intl/uconv/src/nsUTF8ToUnicode.cpp, intl/uconv/src/nsUTF8ToUnicode.h:
  Fix for "Web site XSS using BOM on UTF-8 pages", CVE-2006-2783 aka
  mfsa2006-42.
* modules/libpref/src/init/all.js: Fix for "Privilege escalation using
  addSelectionListener", CVE-2006-2777 aka mfsa2006-43.

* content/base/public/nsContentUtils.h,
  content/base/src/nsContentUtils.cpp,
  content/xul/templates/src/nsXULTreeBuilder.cpp,
  layout/xul/base/src/tree/public/nsITreeView.idl,
  layout/xul/base/src/tree/src/nsTreeBoxObject.cpp,
  layout/xul/base/src/tree/src/nsTreeContentView.h,
  content/base/src/nsDocument.cpp, layout/xul/base/src/nsBoxObject.cpp,
  content/html/document/src/nsHTMLContentSink.cpp, js/src/jsstr.c,
  content/xbl/src/nsXBLProtoImplProperty.cpp: Various patches for
  CVE-2006-2779 and CVE-2006-2780 aka mfsa2006-32. Note that this fix is
  incomplete, and is missing the fixes from bz#324918, bz#325730 and
  bz#329982

3. By Martin Pitt

* New upstream release which fixes the following vulnerabilities:
  - MFSA 2006-25, CVE-2006-1727: Privilege escalation through Print Preview
  - MFSA 2006-24, CVE-2006-1728: Privilege escalation using
    crypto.generateCRMFRequest
  - MFSA 2006-23, CVE-2006-1729: File stealing by changing input type
  - MFSA 2006-22, CVE-2006-1730: CSS Letter-Spacing Heap Overflow
    Vulnerability
  - MFSA 2006-19, CVE-2006-1731: Cross-site scripting using .valueOf.call()
  - MFSA 2006-18, CVE-2006-0749: Mozilla Firefox Tag Order Vulnerability
  - MFSA 2006-17, CVE-2006-1732: cross-site scripting through
    window.controllers
  - MFSA 2006-16, CVE-2006-1733: Accessing XBL compilation scope via
    valueOf.call()
  - MFSA 2006-15, CVE-2006-1734: Privilege escalation using a JavaScript
    function's cloned parent
  - MFSA 2006-14, CVE-2006-1735: Privilege escalation via XBL.method.eval
  - MFSA 2006-13, CVE-2006-1736: Downloading executables with "Save Image
    As..."
  - MFSA 2006-12, CVE-2006-1740: Secure-site spoof (requires security
    warning dialog)
  - MFSA 2006-11, CVE-2006-1737, CVE-2006-1738, CVE-2006-1739,
    CVE-2006-1790: Crashes with evidence of memory corruption (rv:1.8)
  - MFSA 2006-10, CVE-2006-1742: JavaScript garbage-collection hazard audit
  - MFSA 2006-09, CVE-2006-1741: Cross-site JavaScript injection using event
    handlers
  - MFSA 2006-05, CVE-2006-0296: Localstore.rdf XML injection through
    XULDocument.persist()
  - MFSA 2006-03, CVE-2005-4134: Long document title causes startup denial
    of Service
  - MFSA 2006-01, CVE-2006-0292: JavaScript garbage-collection hazards

2. By Ian Jackson

Recompile everything -fno-strict-aliasing. See 17276.

1. By Ian Jackson

Import upstream version 1.0.7

Branch metadata

Branch format: Branch format 7
Repository format: Bazaar repository format 2a (needs bzr 1.16 or later)