lp://staging/ubuntu/dapper-proposed/firefox

Created by James Westby and last modified
Get this branch:
bzr branch lp://staging/ubuntu/dapper-proposed/firefox
Members of Ubuntu branches can upload to this branch.

Branch information

Owner:
Ubuntu branches
Review team:
Ubuntu Development Team
Status:
Mature

Recent revisions

38. By Alexander Sack

preview of security backports for 1.8.1.5 release.

37. By Alexander Sack

* New upstream stability/security release
* MFSA2007-17 aka CVE-2007-2871: XUL Popup Spoofing
* MFSA2007-16 aka CVE-2007-2870: XSS using addEventListener
* MFSA2007-14 aka CVE-2007-1362: Path Abuse in Cookies
* MFSA2007-13 aka CVE-2007-2869: Persistent Autocomplete Denial of Service
* MFSA2007-12 aka CVE-2007-2867 (layout engine) + CVE-2007-2868
  (javascript engine): Crashes with evidence of memory corruption

36. By Alexander Sack

* New upstream stability/security release
* MFSA2007-11 aka CVE-2007-1562: FTP PASV port-scanning

35. By Alexander Sack

* debian/rules: fix for regression: libfreebl3.so installed in wrong directory
  after libnss upstream branch switch (LP#89054, LP#88990).
  add libfreebl3.so to /usr/lib/ in libnss3 package
  - verified fix for evolution
  - verified fix for gaim-encryption

34. By Alexander Sack

* New upstream security update:
* MFSA2007-01 - Crashes with evidence of memory corruption
  (rv:1.8.0.10/1.8.1.2):
   - CVE-2007-0775 - layout engine crashes
   - CVE-2007-0776 - SVG
   - CVE-2007-0777 - javascript engine corruption
* MFSA2007-02 - Improvements to help protect against Cross-Site
  Scripting attacks:
   - CVE-2007-0995 - Invalid trailing characters in HTML tag attributes
   - CVE-2007-0996 - Child frame character set inheritance
   - CVE-2006-6077 - Injected password forms
* MFSA2007-03 aka CVE-2007-0778: Information disclosure through cache
  collisions
* MFSA2007-04 aka CVE-2007-0779: Spoofing using custom cursor and CSS3
  hotspot
* MFSA2007-05 aka CVE-2007-0780, CVE-2007-0800: XSS and local file access
  by opening blocked popups
* MFSA2007-06 aka CVE-2007-0008, CVE-2007-0009: Mozilla Network Security
  Services (NSS) SSLv2 buffer overflow
* MFSA2007-07 aka CVE-2007-0981: Embedded nulls in location.hostname
  confuse same-domain checks
* security/nss/lib/freebl/unix_rand.c: dropping preprocessor condition
  as an equivalent check has been introduced upstream (#ifndef LINUX
  -> #ifdef DO_NETSTAT)
* security/coreconf/rules.mk: adapted patch to changed upstream code base
* security/coreconf/Linux.mk: dropping ppc64 OS_TEST as it has been
  applied upstream
* toolkit/components/passwordmgr/base/nsPasswordManager.cpp: adapting
  patch to updated code-base.

33. By Kees Cook

toolkit/components/passwordmgr/base/nsPasswordManager.cpp: Regression
fix for crashes on auto-filling forms without usernames (Closes LP#77859).

32. By Kees Cook

* New upstream security update:
  - CVE-2006-6504, MFSA 2006-73: SVG Processing Remote Code Execution.
  - CVE-2006-6503, MFSA 2006-72: XSS by setting img.src to javascript: URI.
  - CVE-2006-6502, MFSA 2006-71: LiveConnect crash finalizing JS objects.
  - CVE-2006-6501, MFSA 2006-70: Privilege escalation using watch point.
  - CVE-2006-6497, CVE-2006-6498, CVE-2006-6499, MFSA 2006-68: Crashes
    with evidence of memory corruption.

31. By Martin Pitt

* New upstream security update:
  - CVE-2006-5463, MFSA 2006-67: Running Script can be recompiled.
  - CVE-2006-5462, MFSA 2006-66: RSA signature forgery (variant).
  - CVE-2006-5464, CVE-2006-5747, CVE-2006-5748, MFSA 2006-65: Crashes with
    evidence of memory corruption.

30. By Martin Pitt

* New upstream security update:
  - MFSA 2006-64, CVE-2006-4571: Crashes with evidence of memory corruption
    (rv:1.8.0.7)
  - MFSA 2006-62, CVE-2006-4569: Popup-blocker cross-site scripting (XSS)
  - MFSA 2006-61, CVE-2006-4568: Frame spoofing using document.open()
  - MFSA 2006-60, CVE-2006-4340: RSA Signature Forgery
  - MFSA 2006-59, CVE-2006-4253: Concurrency-related vulnerability
  - MFSA 2006-58, CVE-2006-4567: Auto-Update compromise through DNS and SSL
    spoofing
  - MFSA 2006-57, CVE-2006-4565, CVE-2006-4566: JavaScript Regular Expression
    Heap Corruption

29. By Ian Jackson

Fix to non-HTTP loading of <object ...>'s (eg, streaming media
files). Mozilla Bugzilla #346167. Expected to be the sole
change in Firefox upstream 1.5.0.6.

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
This branch contains Public information 
Everyone can see this information.