Ubuntu
xulrunner package

xulrunner 1.8.1.18+nobinonly.b308.cvs20090331t155113-0ubuntu0.8.04.1 source package in Ubuntu

Changelog

xulrunner (1.8.1.18+nobinonly.b308.cvs20090331t155113-0ubuntu0.8.04.1) hardy-security; urgency=low

  * New security upstream release - backports for ffox 3.0.8
    + Fixed on Firefox EOL branch
      - MFSA 2009-13 Arbitrary code execution through XUL <tree> element
      - MFSA 2009-12 XSL Transformation vulnerability
      - MFSA 2009-10 Upgrade PNG library to fix memory safety hazards
      - MFSA 2009-09 XML data theft via RDFXMLDataSource and cross-domain redirect
      - MFSA 2009-07 Crashes with evidence of memory corruption (rv:1.9.0.7)
      - MFSA 2009-05 XMLHttpRequest allows reading HTTPOnly cookies
      - MFSA 2009-03 Local file stealing with SessionStore
      - MFSA 2009-01 Crashes with evidence of memory corruption (rv:1.9.0.6)
    + Fixed in Firefox 2.0.0.20
      - MFSA 2008-65 Cross-domain data theft via script redirect error message (Windows)
    + Fixed in Firefox 2.0.0.19
      - MFSA 2008-69 XSS vulnerabilities in SessionStore
      - MFSA 2008-68 XSS and JavaScript privilege escalation
      - MFSA 2008-67 Escaped null characters ignored by CSS parser
      - MFSA 2008-66 Errors parsing URLs with leading whitespace and control characters
      - MFSA 2008-65 Cross-domain data theft via script redirect error message
      - MFSA 2008-64 XMLHttpRequest 302 response disclosure
      - MFSA 2008-62 Additional XSS attack vectors in feed preview
      - MFSA 2008-61 Information stealing via loadBindingDocument
      - MFSA 2008-60 Crashes with evidence of memory corruption (rv:1.9.0.5/1.8.1.19)
    + Fixed in Firefox 2.0.0.18
      - MFSA 2008-58 Parsing error in E4X default namespace
      - MFSA 2008-57 -moz-binding property bypasses security checks on codebase principals
      - MFSA 2008-56 nsXMLHttpRequest::NotifyEventListeners() same-origin violation
      - MFSA 2008-55 Crash and remote code execution in nsFrameManager
      - MFSA 2008-54 Buffer overflow in http-index-format parser
      - MFSA 2008-53 XSS and JavaScript privilege escalation via session restore
      - MFSA 2008-52 Crashes with evidence of memory corruption (rv:1.9.0.4/1.8.1.18)
      - MFSA 2008-50 Crash and remote code execution via __proto__ tampering
      - MFSA 2008-49 Arbitrary code execution via Flash Player dynamic module unloading
      - MFSA 2008-48 Image stealing via canvas and HTTP redirect
      - MFSA 2008-47 Information stealing via local shortcut files
    + Fixed in Firefox 2.0.0.17
      - MFSA 2008-45 XBM image uninitialized memory reading
      - MFSA 2008-44 resource: traversal vulnerabilities
      - MFSA 2008-43 BOM characters stripped from JavaScript before execution
      - MFSA 2008-42 Crashes with evidence of memory corruption (rv:1.9.0.2/1.8.1.17)
      - MFSA 2008-41 Privilege escalation via XPCnativeWrapper pollution
      - MFSA 2008-40 Forced mouse drag
      - MFSA 2008-39 Privilege escalation using feed preview page and XSS flaw
      - MFSA 2008-38 nsXMLDocument::OnChannelRedirect() same-origin violation
      - MFSA 2008-37 UTF-8 URL stack buffer overflow
    + Fixed in Firefox 2.0.0.16
      - MFSA 2008-35 Command-line URLs launch multiple tabs when Firefox not running
      - MFSA 2008-34 Remote code execution by overflowing CSS reference counter
    + Fixed in Firefox 2.0.0.15
      - MFSA 2008-33 Crash and remote code execution in block reflow
      - MFSA 2008-32 Remote site run as local file via Windows URL shortcut
      - MFSA 2008-31 Peer-trusted certs can use alt names to spoof
      - MFSA 2008-30 File location URL in directory listings not escaped properly
      - MFSA 2008-29 Faulty .properties file results in uninitialized memory being used
      - MFSA 2008-28 Arbitrary socket connections with Java LiveConnect on Mac OS X
      - MFSA 2008-27 Arbitrary file upload via originalTarget and DOM Range
      - MFSA 2008-25 Arbitrary code execution in mozIJSSubScriptLoader.loadSubScript()
      - MFSA 2008-24 Chrome script loading from fastload file
      - MFSA 2008-23 Signed JAR tampering
      - MFSA 2008-22 XSS through JavaScript same-origin violation
      - MFSA 2008-21 Crashes with evidence of memory corruption (rv:1.8.1.15)
    + Fixed in Firefox 2.0.0.14
      - MFSA 2008-20 Crash in JavaScript garbage collector

 -- Alexander Sack <email address hidden>   Tue, 31 Mar 2009 18:52:02 +0200

Upload details

Uploaded by:
Alexander Sack
Uploaded to:
Hardy
Original maintainer:
MOTU
Architectures:
any
Section:
devel
Urgency:
Low Urgency

See full publishing history Publishing

Series Pocket Published Component Section

Downloads

File Size SHA-256 Checksum
xulrunner_1.8.1.18+nobinonly.b308.cvs20090331t155113.orig.tar.gz 43.7 MiB 18ed3df889ce4ed6f20aa2435909fbf1add4adc4a027fc4921bf62b4db1cad8c
xulrunner_1.8.1.18+nobinonly.b308.cvs20090331t155113-0ubuntu0.8.04.1.diff.gz 154.5 KiB c212061f2ac666d3957dd8c479e930f2497dad2a63b189e86fd66ab692ddfdb7
xulrunner_1.8.1.18+nobinonly.b308.cvs20090331t155113-0ubuntu0.8.04.1.dsc 2.6 KiB fb9f2300c44f8f1047eac428e38a079b16dbeb95b4f250720d71af18a3789a93

View changes file

Binary packages built by this source

libmozillainterfaces-java: No summary available for libmozillainterfaces-java in ubuntu hardy.

No description available for libmozillainterfaces-java in ubuntu hardy.

libmozjs-dev: No summary available for libmozjs-dev in ubuntu hardy.

No description available for libmozjs-dev in ubuntu hardy.

libmozjs0d: No summary available for libmozjs0d in ubuntu hardy.

No description available for libmozjs0d in ubuntu hardy.

libmozjs0d-dbg: No summary available for libmozjs0d-dbg in ubuntu hardy.

No description available for libmozjs0d-dbg in ubuntu hardy.

libxul-common: No summary available for libxul-common in ubuntu hardy.

No description available for libxul-common in ubuntu hardy.

libxul-dev: No summary available for libxul-dev in ubuntu hardy.

No description available for libxul-dev in ubuntu hardy.

libxul0d: No summary available for libxul0d in ubuntu hardy.

No description available for libxul0d in ubuntu hardy.

libxul0d-dbg: No summary available for libxul0d-dbg in ubuntu hardy.

No description available for libxul0d-dbg in ubuntu hardy.

python-xpcom: No summary available for python-xpcom in ubuntu hardy.

No description available for python-xpcom in ubuntu hardy.

spidermonkey-bin: No summary available for spidermonkey-bin in ubuntu hardy.

No description available for spidermonkey-bin in ubuntu hardy.

xulrunner: No summary available for xulrunner in ubuntu hardy.

No description available for xulrunner in ubuntu hardy.

xulrunner-gnome-support: No summary available for xulrunner-gnome-support in ubuntu hardy.

No description available for xulrunner-gnome-support in ubuntu hardy.