Author: Matthias Klose
Revision Date: 2006-07-17 16:39:05 UTC

Synchronize with Debian unstable.

Author: Matthias Klose
Revision Date: 2006-07-17 16:39:05 UTC

Synchronize with Debian unstable.

Author: Matthias Klose
Revision Date: 2006-02-16 09:58:15 UTC

debian/control: Drop build-dependency on g++-3.4 as well.

Author: Ian Jackson
Revision Date: 2005-10-10 11:56:12 UTC

Recompile everything -fno-strict-aliasing. See 17276.

Author: Thom May
Revision Date: 2005-04-05 17:57:52 UTC

* Fix default homepage
* JS "lambda" replace exposes malloc heap space after end of JS string
  (Ubuntu: #8612)

Author: Fabio Massimo Di Nitto
Revision Date: 2004-09-24 09:16:23 UTC

* Fix all menu entries. (Closes: #1682)
* Set AGAIN mozilla/dsp to auto.

Author: Martin Pitt
Revision Date: 2005-10-12 21:31:52 UTC

Increase version number to be newer than hoary-security.

Author: Martin Pitt
Revision Date: 2006-10-10 10:26:39 UTC

* SECURITY UPDATE: Multiple vulnerabilities.
* Patches taken from Debian security updates 2:1.7.8-1sarge7.2.1,
  2:1.7.8-1sarge7.2.2, and 2:1.7.8-1sarge7.3.1. Thanks to Alexander Sack
  <asac@debian.org> for the huge backporting work!
* CVE-2006-2788: Double-free vulnerability in the getRawDER().
* CVE-2006-3805, CVE-2006-3806, MFSA 2006-50: JavaScript engine vulnerabilities
* CVE-2006-3807, MFSA 2006-51: Privilege escalation using named-functions
  and redefined "new Object()"
* CVE-2006-3808, MFSA 2006-52: PAC privilege escalation using
  Function.prototype.call
* CVE-2006-3809, MFSA 2006-53: UniversalBrowserRead privilege escalation
* CVE-2006-3811, MFSA 2006-55: Crashes with evidence of memory corruption
  (rv:1.8.0.5)
* CVE-2006-4565, MFSA 2006-57: JavaScript Regular Expression Heap Corruption
* CVE-2006-4340, MFSA 2006-60: RSA Signature Forgery
* CVE-2006-4568, MFSA 2006-61: Frame spoofing using document.open()
* CVE-2006-4570, MFSA 2006-63: JavaScript execution in mail via XBL
* CVE-2006-4571, MFSA 2006-64: Crashes with evidence of memory corruption
  (rv:1.8.0.7)

Author: Martin Pitt
Revision Date: 2006-10-10 09:50:19 UTC

* SECURITY UPDATE: Multiple vulnerabilities.
* Patches taken from Debian security updates 2:1.7.8-1sarge7.2.1,
  2:1.7.8-1sarge7.2.2, and 2:1.7.8-1sarge7.3.1. Thanks to Alexander Sack
  <asac@debian.org> for the huge backporting work!
* CVE-2006-2788: Double-free vulnerability in the getRawDER().
* CVE-2006-3805, CVE-2006-3806, MFSA 2006-50: JavaScript engine vulnerabilities
* CVE-2006-3807, MFSA 2006-51: Privilege escalation using named-functions
  and redefined "new Object()"
* CVE-2006-3808, MFSA 2006-52: PAC privilege escalation using
  Function.prototype.call
* CVE-2006-3809, MFSA 2006-53: UniversalBrowserRead privilege escalation
* CVE-2006-3811, MFSA 2006-55: Crashes with evidence of memory corruption
  (rv:1.8.0.5)
* CVE-2006-4565, MFSA 2006-57: JavaScript Regular Expression Heap Corruption
* CVE-2006-4340, MFSA 2006-60: RSA Signature Forgery
* CVE-2006-4568, MFSA 2006-61: Frame spoofing using document.open()
* CVE-2006-4570, MFSA 2006-63: JavaScript execution in mail via XBL
* CVE-2006-4571, MFSA 2006-64: Crashes with evidence of memory corruption
  (rv:1.8.0.7)

Author: Martin Pitt
Revision Date: 2006-04-27 14:17:44 UTC

* New upstream release which fixes the following vulnerabilities:
  - MFSA 2006-27, CVE-2006-0748: Table Rebuilding Code Execution
    Vulnerability
  - MFSA 2006-25, CVE-2006-1727: Privilege escalation through Print Preview
  - MFSA 2006-24, CVE-2006-1728: Privilege escalation using
    crypto.generateCRMFRequest
  - MFSA 2006-23, CVE-2006-1729: File stealing by changing input type
  - MFSA 2006-22, CVE-2006-1730: CSS Letter-Spacing Heap Overflow
    Vulnerability
  - MFSA 2006-21, CVE-2006-0884: JavaScript execution in mail when
    forwarding in-line
  - MFSA 2006-19, CVE-2006-1731: Cross-site scripting using .valueOf.call()
  - MFSA 2006-18, CVE-2006-0749: Mozilla Firefox Tag Order Vulnerability
  - MFSA 2006-17, CVE-2006-1732: cross-site scripting through
    window.controllers
  - MFSA 2006-16, CVE-2006-1733: Accessing XBL compilation scope via
    valueOf.call()
  - MFSA 2006-15, CVE-2006-1734: Privilege escalation using a JavaScript
    function's cloned parent
  - MFSA 2006-14, CVE-2006-1735: Privilege escalation via XBL.method.eval
  - MFSA 2006-13, CVE-2006-1736: Downloading executables with "Save Image
    As..."
  - MFSA 2006-12, CVE-2006-1740: Secure-site spoof (requires security
    warning dialog)
  - MFSA 2006-11, CVE-2006-1737, CVE-2006-1738, CVE-2006-1739,
    CVE-2006-1790: Crashes with evidence of memory corruption (rv:1.8)
  - MFSA 2006-10, CVE-2006-1742: JavaScript garbage-collection hazard audit
  - MFSA 2006-09, CVE-2006-1741: Cross-site JavaScript injection using event
    handlers
  - MFSA 2006-05, CVE-2006-0296: Localstore.rdf XML injection through
    XULDocument.persist()
  - MFSA 2006-03, CVE-2005-4134: Long document title causes startup denial
    of Service
  - MFSA 2006-01, CVE-2006-0292: JavaScript garbage-collection hazards