Back to mozilla-firefox PTS page

Accepted mozilla-firefox 1.0.4-2sarge2 (source i386)



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Fri, 12 Aug 2005 19:52:58 -0400
Source: mozilla-firefox
Binary: mozilla-firefox mozilla-firefox-gnome-support mozilla-firefox-dom-inspector
Architecture: source i386
Version: 1.0.4-2sarge2
Distribution: stable-security
Urgency: critical
Maintainer: Eric Dorland <eric@debian.org>
Changed-By: Eric Dorland <eric@debian.org>
Description: 
 mozilla-firefox - lightweight web browser based on Mozilla
 mozilla-firefox-dom-inspector - tool for inspecting the DOM of pages in Mozilla Firefox
 mozilla-firefox-gnome-support - Support for Gnome in Mozilla Firefox
Closes: 318061
Changes: 
 mozilla-firefox (1.0.4-2sarge2) stable-security; urgency=critical
 .
   * Fixes for various security vulnerabilities. (Closes: #318061)
   * The previous (unreleased) version fixes MFSA2005-51: "The return of
     frame-injection spoofing" aka CAN-2005-1937, which is really just the
     return of CAN-2004-0718.
   * accessible/src/base/nsBaseWidgetAccessible.cpp,
     content/base/public/nsContentUtils.h,
     content/base/src/nsContentUtils.cpp, content/base/src/nsDocument.cpp,
     content/base/src/nsDocument.h, content/base/src/nsDocumentViewer.cpp,
     content/base/src/nsGenericDOMDataNode.cpp,
     content/base/src/nsGenericElement.cpp,
     content/base/src/nsGenericElement.h,
     content/base/src/nsImageLoadingContent.cpp,
     content/base/src/nsSelection.cpp,
     content/events/public/nsIEventListenerManager.h,
     content/events/public/nsIPrivateDOMEvent.h,
     content/events/public/nsMutationEvent.h,
     content/events/src/nsDOMEvent.cpp,
     content/events/src/nsEventListenerManager.cpp,
     content/events/src/nsEventListenerManager.h,
     content/events/src/nsEventStateManager.cpp,
     content/html/content/src/nsGenericHTMLElement.cpp,
     content/html/content/src/nsHTMLButtonElement.cpp,
     content/html/content/src/nsHTMLFormElement.cpp,
     content/html/content/src/nsHTMLInputElement.cpp,
     content/html/content/src/nsHTMLScriptElement.cpp,
     content/html/content/src/nsHTMLSelectElement.cpp,
     content/html/content/src/nsHTMLTextAreaElement.cpp,
     content/svg/content/src/nsSVGElement.cpp,
     content/xbl/src/nsXBLBinding.cpp, content/xbl/src/nsXBLBinding.h,
     content/xbl/src/nsXBLPrototypeHandler.cpp,
     content/xml/content/src/nsXMLElement.cpp,
     content/xml/document/src/nsXMLDocument.cpp,
     content/xul/content/src/nsXULElement.cpp,
     content/xul/document/src/nsXULCommandDispatcher.cpp,
     content/xul/document/src/nsXULDocument.cpp,
     dom/public/idl/events/Makefile.in, dom/src/base/nsDOMClassInfo.cpp,
     dom/src/base/nsDOMClassInfo.h, dom/src/base/nsGlobalWindow.cpp,
     dom/src/base/nsGlobalWindow.h, dom/src/base/nsJSEnvironment.cpp,
     dom/src/base/nsWindowRoot.cpp, dom/src/base/nsWindowRoot.h,
     extensions/xmlextras/base/src/nsXMLHttpRequest.cpp,
     layout/html/base/src/nsGfxScrollFrame.cpp,
     layout/html/base/src/nsObjectFrame.cpp,
     layout/html/base/src/nsPresShell.cpp,
     layout/html/forms/public/nsIFormControlFrame.h,
     layout/html/forms/src/nsComboboxControlFrame.cpp,
     layout/html/forms/src/nsComboboxControlFrame.h,
     layout/html/forms/src/nsFileControlFrame.h,
     layout/html/forms/src/nsFormControlFrame.cpp,
     layout/html/forms/src/nsFormControlFrame.h,
     layout/html/forms/src/nsGfxButtonControlFrame.cpp,
     layout/html/forms/src/nsHTMLButtonControlFrame.cpp,
     layout/html/forms/src/nsHTMLButtonControlFrame.h,
     layout/html/forms/src/nsImageControlFrame.cpp,
     layout/html/forms/src/nsListControlFrame.cpp,
     layout/html/forms/src/nsListControlFrame.h,
     layout/html/forms/src/nsTextControlFrame.cpp,
     layout/html/forms/src/nsTextControlFrame.h,
     layout/xul/base/src/nsBoxFrame.cpp,
     layout/xul/base/src/nsButtonBoxFrame.cpp,
     layout/xul/base/src/nsButtonBoxFrame.h,
     layout/xul/base/src/nsImageBoxFrame.cpp,
     layout/xul/base/src/nsMenuFrame.cpp,
     layout/xul/base/src/nsPopupSetFrame.cpp,
     layout/xul/base/src/nsResizerFrame.cpp,
     layout/xul/base/src/nsResizerFrame.h,
     layout/xul/base/src/nsScrollBoxFrame.cpp,
     layout/xul/base/src/nsScrollbarButtonFrame.cpp,
     layout/xul/base/src/nsTitleBarFrame.cpp,
     layout/xul/base/src/nsTitleBarFrame.h,
     layout/xul/base/src/tree/src/nsTreeBodyFrame.cpp,
     layout/xul/base/src/tree/src/nsTreeSelection.cpp,
     toolkit/components/satchel/src/nsFormFillController.cpp,
     view/public/nsIViewObserver.h, view/src/nsViewManager.cpp,
     webshell/public/nsILinkHandler.h, widget/public/nsEvent.h,
     widget/public/nsGUIEvent.h, widget/public/nsIEventListener.h,
     widget/public/nsIWidget.h, widget/src/beos/nsWindow.cpp,
     widget/src/cocoa/nsChildView.mm, widget/src/cocoa/nsCocoaWindow.mm,
     widget/src/cocoa/nsMenuBarX.cpp, widget/src/cocoa/nsMenuItemX.cpp,
     widget/src/cocoa/nsMenuX.cpp, widget/src/gtk/nsGtkEventHandler.cpp,
     widget/src/gtk/nsWidget.cpp, widget/src/gtk/nsWindow.cpp,
     widget/src/gtk2/nsCommonWidget.cpp, widget/src/gtk2/nsWindow.cpp,
     widget/src/mac/nsMacControl.cpp, widget/src/mac/nsMacEventHandler.cpp,
     widget/src/mac/nsMacWindow.cpp, widget/src/mac/nsMenuBarX.cpp,
     widget/src/mac/nsMenuX.cpp, widget/src/mac/nsWindow.cpp,
     widget/src/os2/nsFrameWindow.cpp, widget/src/os2/nsWindow.cpp,
     widget/src/photon/nsWidget.cpp, widget/src/photon/nsWidget.h,
     widget/src/photon/nsWindow.cpp,
     widget/src/windows/nsNativeDragTarget.cpp,
     widget/src/windows/nsWindow.cpp, widget/src/xlib/nsAppShell.cpp,
     widget/src/xlib/nsWidget.cpp, widget/src/xlib/nsWindow.cpp,
     xpfe/appshell/src/nsWebShellWindow.cpp,
     xpfe/appshell/src/nsXULWindow.cpp: Huge patch from bz#289940 to fix
     MFSA2005-45: "Content-generated event vulnerabilities" aka
     CAN-2005-2260.
   * content/base/src/nsContentUtils.cpp,
     dom/public/idl/events/nsIDOMNSEventTarget.idl: Fixes for the above
     patch.
   * content/xbl/src/nsXBLBinding.cpp: Patch from bz#292591 to fix
     MFSA2005-46: "XBL scripts ran even when Javascript disabled" aka
     CAN-2005-2261.
   * browser/base/content/browser.js,
     browser/base/content/setWallpaper.xul: Patch from bz#292737 to fix
     MFSA2005-47: "Code execution via "Set as Wallpaper"", aka
     CAN-2005-2262.
   * xpinstall/src/nsJSInstallTriggerGlobal.cpp,
     xpinstall/src/nsXPITriggerInfo.h, xpinstall/src/nsXPITriggerInfo.cpp:
     Patch from bz#293331 to fix MFSA2005-48: "Same-origin violation with
     InstallTrigger callback" aka CAN-2005-2263.
   * browser/base/content/browser.js: Patch from bz#294074 to fix
     MFSA2005-49: "Script injection from Firefox sidebar panel using
     data:"; aka CAN-2005-2264.
   * xpinstall/src/nsJSInstall.cpp, xpinstall/src/nsJSWinProfile.cpp,
     xpinstall/src/nsJSInstallTriggerGlobal.cpp,
     xpinstall/src/nsJSInstallVersion.cpp, xpinstall/src/nsJSFile.cpp,
     xpinstall/src/nsJSWinReg.cpp, xpinstall/src/nsJSFileSpecObj.cpp:
     Patches from bz#295854 to fix MFSA2005-50: "Possibly exploitable crash
     in InstallVersion.compareTo" aka CAN-2005-2265.
   * content/html/document/src/nsHTMLDocument.cpp: Patch from bz#296830 to
     fix MFSA2005-52: " Same origin violation: frame calling top.focus()"
     aka CAN-2005-2266.
   * browser/base/content/browser.js, docshell/base/nsDocShell.cpp,
     docshell/base/nsDocShell.h, docshell/base/nsIDocShellLoadInfo.idl,
     docshell/base/nsIWebNavigation.idl: Patch from bz#298255 for
     MFSA2005-53: "Standalone applications can run arbitrary code through
     the browser" aka CAN-2005-2267.
   * dom/src/base/nsGlobalWindow.cpp: Patch from bz#298934 for MFSA2005-54:
     "Javascript prompt origin spoofing" aka CAN-2005-2268.
   * browser/base/content/browser.js,
     browser/base/content/utilityOverlay.js,
     toolkit/components/help/content/help.js,
     xpfe/communicator/resources/content/contentAreaUtils.js,
     xpfe/communicator/resources/content/contentAreaClick.js,
     xpfe/communicator/resources/content/nsContextMenu.js: Patches from
     bz#298892 to fix MFSA2005-55: "XHTML node spoofing" aka CAN-2005-2269.
   * js/src/xpconnect/src/XPCDispObject.cpp,
     js/src/xpconnect/src/XPCIDispatchExtension.cpp,
     js/src/xpconnect/src/xpccomponents.cpp,
     js/src/xpconnect/src/xpcjsruntime.cpp,
     js/src/xpconnect/src/xpcprivate.h,
     js/src/xpconnect/src/xpcwrappednativeinfo.cpp,
     js/src/xpconnect/src/xpcwrappednativejsops.cpp,
     js/src/xpconnect/src/xpcwrappednativescope.cpp: Patch from bz#294795
     to partially fix MFSA2005-56: "Code execution through shared function
     objects" aka CAN-2005-2270.
   * js/src/jsobj.c, js/src/jsregexp.c: Apply patches from bz#296397 to fix
     the rest of CAN-2005-2270.
Files: 
 a5cf2fc8bc04662e6c192c15666011e4 1001 web optional mozilla-firefox_1.0.4-2sarge2.dsc
 45e66f5ddde0d5c016fd15268da0e522 285974 web optional mozilla-firefox_1.0.4-2sarge2.diff.gz
 54e66239bff8195d09a76a8b0c65e096 8887610 web optional mozilla-firefox_1.0.4-2sarge2_i386.deb
 e40d4387cdf627df5706e8a83f39640d 156664 web optional mozilla-firefox-dom-inspector_1.0.4-2sarge2_i386.deb
 3bc7062690df1334a92eeeae36819ea0 53906 web optional mozilla-firefox-gnome-support_1.0.4-2sarge2_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFC/xY+W5ql+IAeqTIRAicxAJ4jEgpSE78a9TMj+Ak4n/QFdAyjMACePcBj
U8CHa7WKezKU59a8iNp8Q4o=
=yf3x
-----END PGP SIGNATURE-----


Accepted:
mozilla-firefox-dom-inspector_1.0.4-2sarge2_i386.deb
  to pool/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge2_i386.deb
mozilla-firefox-gnome-support_1.0.4-2sarge2_i386.deb
  to pool/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge2_i386.deb
mozilla-firefox_1.0.4-2sarge2.diff.gz
  to pool/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge2.diff.gz
mozilla-firefox_1.0.4-2sarge2.dsc
  to pool/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge2.dsc
mozilla-firefox_1.0.4-2sarge2_i386.deb
  to pool/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge2_i386.deb


-- 
To UNSUBSCRIBE, email to debian-changes-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org