Ubuntu
xulrunner package

Branches for Intrepid

Name Status Last Modified Last Commit
lp://staging/ubuntu/intrepid/xulrunner 2 Mature 2009-08-20 02:56:15 UTC
26. * New upstream release (taken from up...

Author: Devid Antonio Filoni
Revision Date: 2008-08-25 13:04:18 UTC

* New upstream release (taken from upstream CVS), LP: #254618.
* Fix MFSA 2008-35, MFSA 2008-34, MFSA 2008-33, MFSA 2008-32, MFSA 2008-31,
  MFSA 2008-30, MFSA 2008-29, MFSA 2008-28, MFSA 2008-27, MFSA 2008-25,
  MFSA 2008-24, MFSA 2008-23, MFSA 2008-22, MFSA 2008-21, MFSA 2008-26 also
  known as CVE-2008-2933, CVE-2008-2785, CVE-2008-2811, CVE-2008-2810,
  CVE-2008-2809, CVE-2008-2808, CVE-2008-2807, CVE-2008-2806, CVE-2008-2805,
  CVE-2008-2803, CVE-2008-2802, CVE-2008-2801, CVE-2008-2800, CVE-2008-2798.
* Drop 89_bz419350_attachment_306066 patch, merged upstream.
* Bump Standards-Version to 3.8.0.
lp://staging/ubuntu/intrepid-security/xulrunner 2 Mature 2009-08-20 02:56:24 UTC
27. * New security upstream release - bac...

Author: Alexander Sack
Revision Date: 2009-03-31 19:26:56 UTC

* New security upstream release - backports for ffox 3.0.8
  + Fixed on Firefox EOL branch
    - MFSA 2009-13 Arbitrary code execution through XUL <tree> element
    - MFSA 2009-12 XSL Transformation vulnerability
    - MFSA 2009-10 Upgrade PNG library to fix memory safety hazards
    - MFSA 2009-09 XML data theft via RDFXMLDataSource and cross-domain redirect
    - MFSA 2009-07 Crashes with evidence of memory corruption (rv:1.9.0.7)
    - MFSA 2009-05 XMLHttpRequest allows reading HTTPOnly cookies
    - MFSA 2009-03 Local file stealing with SessionStore
    - MFSA 2009-01 Crashes with evidence of memory corruption (rv:1.9.0.6)
  + Fixed in Firefox 2.0.0.20
    - MFSA 2008-65 Cross-domain data theft via script redirect error message (Windows)
  + Fixed in Firefox 2.0.0.19
    - MFSA 2008-69 XSS vulnerabilities in SessionStore
    - MFSA 2008-68 XSS and JavaScript privilege escalation
    - MFSA 2008-67 Escaped null characters ignored by CSS parser
    - MFSA 2008-66 Errors parsing URLs with leading whitespace and control characters
    - MFSA 2008-65 Cross-domain data theft via script redirect error message
    - MFSA 2008-64 XMLHttpRequest 302 response disclosure
    - MFSA 2008-62 Additional XSS attack vectors in feed preview
    - MFSA 2008-61 Information stealing via loadBindingDocument
    - MFSA 2008-60 Crashes with evidence of memory corruption (rv:1.9.0.5/1.8.1.19)
  + Fixed in Firefox 2.0.0.18
    - MFSA 2008-58 Parsing error in E4X default namespace
    - MFSA 2008-57 -moz-binding property bypasses security checks on codebase principals
    - MFSA 2008-56 nsXMLHttpRequest::NotifyEventListeners() same-origin violation
    - MFSA 2008-55 Crash and remote code execution in nsFrameManager
    - MFSA 2008-54 Buffer overflow in http-index-format parser
    - MFSA 2008-53 XSS and JavaScript privilege escalation via session restore
    - MFSA 2008-52 Crashes with evidence of memory corruption (rv:1.9.0.4/1.8.1.18)
    - MFSA 2008-50 Crash and remote code execution via __proto__ tampering
    - MFSA 2008-49 Arbitrary code execution via Flash Player dynamic module unloading
    - MFSA 2008-48 Image stealing via canvas and HTTP redirect
    - MFSA 2008-47 Information stealing via local shortcut files
  + Fixed in Firefox 2.0.0.17
    - MFSA 2008-45 XBM image uninitialized memory reading
    - MFSA 2008-44 resource: traversal vulnerabilities
    - MFSA 2008-43 BOM characters stripped from JavaScript before execution
    - MFSA 2008-42 Crashes with evidence of memory corruption (rv:1.9.0.2/1.8.1.17)
    - MFSA 2008-41 Privilege escalation via XPCnativeWrapper pollution
    - MFSA 2008-40 Forced mouse drag
    - MFSA 2008-39 Privilege escalation using feed preview page and XSS flaw
    - MFSA 2008-38 nsXMLDocument::OnChannelRedirect() same-origin violation
    - MFSA 2008-37 UTF-8 URL stack buffer overflow
lp://staging/ubuntu/intrepid-updates/xulrunner 2 Mature 2009-08-20 02:56:53 UTC
27. * New security upstream release - bac...

Author: Alexander Sack
Revision Date: 2009-03-31 19:26:56 UTC

* New security upstream release - backports for ffox 3.0.8
  + Fixed on Firefox EOL branch
    - MFSA 2009-13 Arbitrary code execution through XUL <tree> element
    - MFSA 2009-12 XSL Transformation vulnerability
    - MFSA 2009-10 Upgrade PNG library to fix memory safety hazards
    - MFSA 2009-09 XML data theft via RDFXMLDataSource and cross-domain redirect
    - MFSA 2009-07 Crashes with evidence of memory corruption (rv:1.9.0.7)
    - MFSA 2009-05 XMLHttpRequest allows reading HTTPOnly cookies
    - MFSA 2009-03 Local file stealing with SessionStore
    - MFSA 2009-01 Crashes with evidence of memory corruption (rv:1.9.0.6)
  + Fixed in Firefox 2.0.0.20
    - MFSA 2008-65 Cross-domain data theft via script redirect error message (Windows)
  + Fixed in Firefox 2.0.0.19
    - MFSA 2008-69 XSS vulnerabilities in SessionStore
    - MFSA 2008-68 XSS and JavaScript privilege escalation
    - MFSA 2008-67 Escaped null characters ignored by CSS parser
    - MFSA 2008-66 Errors parsing URLs with leading whitespace and control characters
    - MFSA 2008-65 Cross-domain data theft via script redirect error message
    - MFSA 2008-64 XMLHttpRequest 302 response disclosure
    - MFSA 2008-62 Additional XSS attack vectors in feed preview
    - MFSA 2008-61 Information stealing via loadBindingDocument
    - MFSA 2008-60 Crashes with evidence of memory corruption (rv:1.9.0.5/1.8.1.19)
  + Fixed in Firefox 2.0.0.18
    - MFSA 2008-58 Parsing error in E4X default namespace
    - MFSA 2008-57 -moz-binding property bypasses security checks on codebase principals
    - MFSA 2008-56 nsXMLHttpRequest::NotifyEventListeners() same-origin violation
    - MFSA 2008-55 Crash and remote code execution in nsFrameManager
    - MFSA 2008-54 Buffer overflow in http-index-format parser
    - MFSA 2008-53 XSS and JavaScript privilege escalation via session restore
    - MFSA 2008-52 Crashes with evidence of memory corruption (rv:1.9.0.4/1.8.1.18)
    - MFSA 2008-50 Crash and remote code execution via __proto__ tampering
    - MFSA 2008-49 Arbitrary code execution via Flash Player dynamic module unloading
    - MFSA 2008-48 Image stealing via canvas and HTTP redirect
    - MFSA 2008-47 Information stealing via local shortcut files
  + Fixed in Firefox 2.0.0.17
    - MFSA 2008-45 XBM image uninitialized memory reading
    - MFSA 2008-44 resource: traversal vulnerabilities
    - MFSA 2008-43 BOM characters stripped from JavaScript before execution
    - MFSA 2008-42 Crashes with evidence of memory corruption (rv:1.9.0.2/1.8.1.17)
    - MFSA 2008-41 Privilege escalation via XPCnativeWrapper pollution
    - MFSA 2008-40 Forced mouse drag
    - MFSA 2008-39 Privilege escalation using feed preview page and XSS flaw
    - MFSA 2008-38 nsXMLDocument::OnChannelRedirect() same-origin violation
    - MFSA 2008-37 UTF-8 URL stack buffer overflow
13 of 3 results FirstPreviousNextLast