Accepted mozilla-firefox 1.0.4-2sarge2 (source i386)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Fri, 12 Aug 2005 19:52:58 -0400
Source: mozilla-firefox
Binary: mozilla-firefox mozilla-firefox-gnome-support mozilla-firefox-dom-inspector
Architecture: source i386
Version: 1.0.4-2sarge2
Distribution: stable-security
Urgency: critical
Maintainer: Eric Dorland <eric@debian.org>
Changed-By: Eric Dorland <eric@debian.org>
Description:
mozilla-firefox - lightweight web browser based on Mozilla
mozilla-firefox-dom-inspector - tool for inspecting the DOM of pages in Mozilla Firefox
mozilla-firefox-gnome-support - Support for Gnome in Mozilla Firefox
Closes: 318061
Changes:
mozilla-firefox (1.0.4-2sarge2) stable-security; urgency=critical
.
* Fixes for various security vulnerabilities. (Closes: #318061)
* The previous (unreleased) version fixes MFSA2005-51: "The return of
frame-injection spoofing" aka CAN-2005-1937, which is really just the
return of CAN-2004-0718.
* accessible/src/base/nsBaseWidgetAccessible.cpp,
content/base/public/nsContentUtils.h,
content/base/src/nsContentUtils.cpp, content/base/src/nsDocument.cpp,
content/base/src/nsDocument.h, content/base/src/nsDocumentViewer.cpp,
content/base/src/nsGenericDOMDataNode.cpp,
content/base/src/nsGenericElement.cpp,
content/base/src/nsGenericElement.h,
content/base/src/nsImageLoadingContent.cpp,
content/base/src/nsSelection.cpp,
content/events/public/nsIEventListenerManager.h,
content/events/public/nsIPrivateDOMEvent.h,
content/events/public/nsMutationEvent.h,
content/events/src/nsDOMEvent.cpp,
content/events/src/nsEventListenerManager.cpp,
content/events/src/nsEventListenerManager.h,
content/events/src/nsEventStateManager.cpp,
content/html/content/src/nsGenericHTMLElement.cpp,
content/html/content/src/nsHTMLButtonElement.cpp,
content/html/content/src/nsHTMLFormElement.cpp,
content/html/content/src/nsHTMLInputElement.cpp,
content/html/content/src/nsHTMLScriptElement.cpp,
content/html/content/src/nsHTMLSelectElement.cpp,
content/html/content/src/nsHTMLTextAreaElement.cpp,
content/svg/content/src/nsSVGElement.cpp,
content/xbl/src/nsXBLBinding.cpp, content/xbl/src/nsXBLBinding.h,
content/xbl/src/nsXBLPrototypeHandler.cpp,
content/xml/content/src/nsXMLElement.cpp,
content/xml/document/src/nsXMLDocument.cpp,
content/xul/content/src/nsXULElement.cpp,
content/xul/document/src/nsXULCommandDispatcher.cpp,
content/xul/document/src/nsXULDocument.cpp,
dom/public/idl/events/Makefile.in, dom/src/base/nsDOMClassInfo.cpp,
dom/src/base/nsDOMClassInfo.h, dom/src/base/nsGlobalWindow.cpp,
dom/src/base/nsGlobalWindow.h, dom/src/base/nsJSEnvironment.cpp,
dom/src/base/nsWindowRoot.cpp, dom/src/base/nsWindowRoot.h,
extensions/xmlextras/base/src/nsXMLHttpRequest.cpp,
layout/html/base/src/nsGfxScrollFrame.cpp,
layout/html/base/src/nsObjectFrame.cpp,
layout/html/base/src/nsPresShell.cpp,
layout/html/forms/public/nsIFormControlFrame.h,
layout/html/forms/src/nsComboboxControlFrame.cpp,
layout/html/forms/src/nsComboboxControlFrame.h,
layout/html/forms/src/nsFileControlFrame.h,
layout/html/forms/src/nsFormControlFrame.cpp,
layout/html/forms/src/nsFormControlFrame.h,
layout/html/forms/src/nsGfxButtonControlFrame.cpp,
layout/html/forms/src/nsHTMLButtonControlFrame.cpp,
layout/html/forms/src/nsHTMLButtonControlFrame.h,
layout/html/forms/src/nsImageControlFrame.cpp,
layout/html/forms/src/nsListControlFrame.cpp,
layout/html/forms/src/nsListControlFrame.h,
layout/html/forms/src/nsTextControlFrame.cpp,
layout/html/forms/src/nsTextControlFrame.h,
layout/xul/base/src/nsBoxFrame.cpp,
layout/xul/base/src/nsButtonBoxFrame.cpp,
layout/xul/base/src/nsButtonBoxFrame.h,
layout/xul/base/src/nsImageBoxFrame.cpp,
layout/xul/base/src/nsMenuFrame.cpp,
layout/xul/base/src/nsPopupSetFrame.cpp,
layout/xul/base/src/nsResizerFrame.cpp,
layout/xul/base/src/nsResizerFrame.h,
layout/xul/base/src/nsScrollBoxFrame.cpp,
layout/xul/base/src/nsScrollbarButtonFrame.cpp,
layout/xul/base/src/nsTitleBarFrame.cpp,
layout/xul/base/src/nsTitleBarFrame.h,
layout/xul/base/src/tree/src/nsTreeBodyFrame.cpp,
layout/xul/base/src/tree/src/nsTreeSelection.cpp,
toolkit/components/satchel/src/nsFormFillController.cpp,
view/public/nsIViewObserver.h, view/src/nsViewManager.cpp,
webshell/public/nsILinkHandler.h, widget/public/nsEvent.h,
widget/public/nsGUIEvent.h, widget/public/nsIEventListener.h,
widget/public/nsIWidget.h, widget/src/beos/nsWindow.cpp,
widget/src/cocoa/nsChildView.mm, widget/src/cocoa/nsCocoaWindow.mm,
widget/src/cocoa/nsMenuBarX.cpp, widget/src/cocoa/nsMenuItemX.cpp,
widget/src/cocoa/nsMenuX.cpp, widget/src/gtk/nsGtkEventHandler.cpp,
widget/src/gtk/nsWidget.cpp, widget/src/gtk/nsWindow.cpp,
widget/src/gtk2/nsCommonWidget.cpp, widget/src/gtk2/nsWindow.cpp,
widget/src/mac/nsMacControl.cpp, widget/src/mac/nsMacEventHandler.cpp,
widget/src/mac/nsMacWindow.cpp, widget/src/mac/nsMenuBarX.cpp,
widget/src/mac/nsMenuX.cpp, widget/src/mac/nsWindow.cpp,
widget/src/os2/nsFrameWindow.cpp, widget/src/os2/nsWindow.cpp,
widget/src/photon/nsWidget.cpp, widget/src/photon/nsWidget.h,
widget/src/photon/nsWindow.cpp,
widget/src/windows/nsNativeDragTarget.cpp,
widget/src/windows/nsWindow.cpp, widget/src/xlib/nsAppShell.cpp,
widget/src/xlib/nsWidget.cpp, widget/src/xlib/nsWindow.cpp,
xpfe/appshell/src/nsWebShellWindow.cpp,
xpfe/appshell/src/nsXULWindow.cpp: Huge patch from bz#289940 to fix
MFSA2005-45: "Content-generated event vulnerabilities" aka
CAN-2005-2260.
* content/base/src/nsContentUtils.cpp,
dom/public/idl/events/nsIDOMNSEventTarget.idl: Fixes for the above
patch.
* content/xbl/src/nsXBLBinding.cpp: Patch from bz#292591 to fix
MFSA2005-46: "XBL scripts ran even when Javascript disabled" aka
CAN-2005-2261.
* browser/base/content/browser.js,
browser/base/content/setWallpaper.xul: Patch from bz#292737 to fix
MFSA2005-47: "Code execution via "Set as Wallpaper"", aka
CAN-2005-2262.
* xpinstall/src/nsJSInstallTriggerGlobal.cpp,
xpinstall/src/nsXPITriggerInfo.h, xpinstall/src/nsXPITriggerInfo.cpp:
Patch from bz#293331 to fix MFSA2005-48: "Same-origin violation with
InstallTrigger callback" aka CAN-2005-2263.
* browser/base/content/browser.js: Patch from bz#294074 to fix
MFSA2005-49: "Script injection from Firefox sidebar panel using
data:" aka CAN-2005-2264.
* xpinstall/src/nsJSInstall.cpp, xpinstall/src/nsJSWinProfile.cpp,
xpinstall/src/nsJSInstallTriggerGlobal.cpp,
xpinstall/src/nsJSInstallVersion.cpp, xpinstall/src/nsJSFile.cpp,
xpinstall/src/nsJSWinReg.cpp, xpinstall/src/nsJSFileSpecObj.cpp:
Patches from bz#295854 to fix MFSA2005-50: "Possibly exploitable crash
in InstallVersion.compareTo" aka CAN-2005-2265.
* content/html/document/src/nsHTMLDocument.cpp: Patch from bz#296830 to
fix MFSA2005-52: " Same origin violation: frame calling top.focus()"
aka CAN-2005-2266.
* browser/base/content/browser.js, docshell/base/nsDocShell.cpp,
docshell/base/nsDocShell.h, docshell/base/nsIDocShellLoadInfo.idl,
docshell/base/nsIWebNavigation.idl: Patch from bz#298255 for
MFSA2005-53: "Standalone applications can run arbitrary code through
the browser" aka CAN-2005-2267.
* dom/src/base/nsGlobalWindow.cpp: Patch from bz#298934 for MFSA2005-54:
"Javascript prompt origin spoofing" aka CAN-2005-2268.
* browser/base/content/browser.js,
browser/base/content/utilityOverlay.js,
toolkit/components/help/content/help.js,
xpfe/communicator/resources/content/contentAreaUtils.js,
xpfe/communicator/resources/content/contentAreaClick.js,
xpfe/communicator/resources/content/nsContextMenu.js: Patches from
bz#298892 to fix MFSA2005-55: "XHTML node spoofing" aka CAN-2005-2269.
* js/src/xpconnect/src/XPCDispObject.cpp,
js/src/xpconnect/src/XPCIDispatchExtension.cpp,
js/src/xpconnect/src/xpccomponents.cpp,
js/src/xpconnect/src/xpcjsruntime.cpp,
js/src/xpconnect/src/xpcprivate.h,
js/src/xpconnect/src/xpcwrappednativeinfo.cpp,
js/src/xpconnect/src/xpcwrappednativejsops.cpp,
js/src/xpconnect/src/xpcwrappednativescope.cpp: Patch from bz#294795
to partially fix MFSA2005-56: "Code execution through shared function
objects" aka CAN-2005-2270.
* js/src/jsobj.c, js/src/jsregexp.c: Apply patches from bz#296397 to fix
the rest of CAN-2005-2270.
Files:
a5cf2fc8bc04662e6c192c15666011e4 1001 web optional mozilla-firefox_1.0.4-2sarge2.dsc
45e66f5ddde0d5c016fd15268da0e522 285974 web optional mozilla-firefox_1.0.4-2sarge2.diff.gz
54e66239bff8195d09a76a8b0c65e096 8887610 web optional mozilla-firefox_1.0.4-2sarge2_i386.deb
e40d4387cdf627df5706e8a83f39640d 156664 web optional mozilla-firefox-dom-inspector_1.0.4-2sarge2_i386.deb
3bc7062690df1334a92eeeae36819ea0 53906 web optional mozilla-firefox-gnome-support_1.0.4-2sarge2_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
iD8DBQFC/xY+W5ql+IAeqTIRAicxAJ4jEgpSE78a9TMj+Ak4n/QFdAyjMACePcBj
U8CHa7WKezKU59a8iNp8Q4o=
=yf3x
-----END PGP SIGNATURE-----
Accepted:
mozilla-firefox-dom-inspector_1.0.4-2sarge2_i386.deb
to pool/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge2_i386.deb
mozilla-firefox-gnome-support_1.0.4-2sarge2_i386.deb
to pool/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge2_i386.deb
mozilla-firefox_1.0.4-2sarge2.diff.gz
to pool/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge2.diff.gz
mozilla-firefox_1.0.4-2sarge2.dsc
to pool/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge2.dsc
mozilla-firefox_1.0.4-2sarge2_i386.deb
to pool/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge2_i386.deb
Reply to: