-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Fri, 12 Aug 2005 19:52:58 -0400
Source: mozilla-firefox
Binary: mozilla-firefox mozilla-firefox-gnome-support mozilla-firefox-dom-inspector
Architecture: source i386
Version: 1.0.4-2sarge2
Distribution: stable-security
Urgency: critical
Maintainer: Eric Dorland <eric@debian.org>
Changed-By: Eric Dorland <eric@debian.org>
Description:
 mozilla-firefox - lightweight web browser based on Mozilla
 mozilla-firefox-dom-inspector - tool for inspecting the DOM of pages in Mozilla Firefox
 mozilla-firefox-gnome-support - Support for Gnome in Mozilla Firefox
Closes: 318061
Changes:
 mozilla-firefox (1.0.4-2sarge2) stable-security; urgency=critical
 .
   * Fixes for various security vulnerabilities. (Closes: #318061)
   * The previous (unreleased) version fixes MFSA2005-51: "The return of
     frame-injection spoofing" aka CAN-2005-1937, which is really just
     the return of CAN-2004-0718.
   * accessible/src/base/nsBaseWidgetAccessible.cpp,
     content/base/public/nsContentUtils.h,
     content/base/src/nsContentUtils.cpp,
     content/base/src/nsDocument.cpp,
     content/base/src/nsDocument.h,
     content/base/src/nsDocumentViewer.cpp,
     content/base/src/nsGenericDOMDataNode.cpp,
     content/base/src/nsGenericElement.cpp,
     content/base/src/nsGenericElement.h,
     content/base/src/nsImageLoadingContent.cpp,
     content/base/src/nsSelection.cpp,
     content/events/public/nsIEventListenerManager.h,
     content/events/public/nsIPrivateDOMEvent.h,
     content/events/public/nsMutationEvent.h,
     content/events/src/nsDOMEvent.cpp,
     content/events/src/nsEventListenerManager.cpp,
     content/events/src/nsEventListenerManager.h,
     content/events/src/nsEventStateManager.cpp,
     content/html/content/src/nsGenericHTMLElement.cpp,
     content/html/content/src/nsHTMLButtonElement.cpp,
     content/html/content/src/nsHTMLFormElement.cpp,
     content/html/content/src/nsHTMLInputElement.cpp,
     content/html/content/src/nsHTMLScriptElement.cpp,
     content/html/content/src/nsHTMLSelectElement.cpp,
     content/html/content/src/nsHTMLTextAreaElement.cpp,
     content/svg/content/src/nsSVGElement.cpp,
     content/xbl/src/nsXBLBinding.cpp,
     content/xbl/src/nsXBLBinding.h,
     content/xbl/src/nsXBLPrototypeHandler.cpp,
     content/xml/content/src/nsXMLElement.cpp,
     content/xml/document/src/nsXMLDocument.cpp,
     content/xul/content/src/nsXULElement.cpp,
     content/xul/document/src/nsXULCommandDispatcher.cpp,
     content/xul/document/src/nsXULDocument.cpp,
     dom/public/idl/events/Makefile.in,
     dom/src/base/nsDOMClassInfo.cpp,
     dom/src/base/nsDOMClassInfo.h,
     dom/src/base/nsGlobalWindow.cpp,
     dom/src/base/nsGlobalWindow.h,
     dom/src/base/nsJSEnvironment.cpp,
     dom/src/base/nsWindowRoot.cpp,
     dom/src/base/nsWindowRoot.h,
     extensions/xmlextras/base/src/nsXMLHttpRequest.cpp,
     layout/html/base/src/nsGfxScrollFrame.cpp,
     layout/html/base/src/nsObjectFrame.cpp,
     layout/html/base/src/nsPresShell.cpp,
     layout/html/forms/public/nsIFormControlFrame.h,
     layout/html/forms/src/nsComboboxControlFrame.cpp,
     layout/html/forms/src/nsComboboxControlFrame.h,
     layout/html/forms/src/nsFileControlFrame.h,
     layout/html/forms/src/nsFormControlFrame.cpp,
     layout/html/forms/src/nsFormControlFrame.h,
     layout/html/forms/src/nsGfxButtonControlFrame.cpp,
     layout/html/forms/src/nsHTMLButtonControlFrame.cpp,
     layout/html/forms/src/nsHTMLButtonControlFrame.h,
     layout/html/forms/src/nsImageControlFrame.cpp,
     layout/html/forms/src/nsListControlFrame.cpp,
     layout/html/forms/src/nsListControlFrame.h,
     layout/html/forms/src/nsTextControlFrame.cpp,
     layout/html/forms/src/nsTextControlFrame.h,
     layout/xul/base/src/nsBoxFrame.cpp,
     layout/xul/base/src/nsButtonBoxFrame.cpp,
     layout/xul/base/src/nsButtonBoxFrame.h,
     layout/xul/base/src/nsImageBoxFrame.cpp,
     layout/xul/base/src/nsMenuFrame.cpp,
     layout/xul/base/src/nsPopupSetFrame.cpp,
     layout/xul/base/src/nsResizerFrame.cpp,
     layout/xul/base/src/nsResizerFrame.h,
     layout/xul/base/src/nsScrollBoxFrame.cpp,
     layout/xul/base/src/nsScrollbarButtonFrame.cpp,
     layout/xul/base/src/nsTitleBarFrame.cpp,
     layout/xul/base/src/nsTitleBarFrame.h,
     layout/xul/base/src/tree/src/nsTreeBodyFrame.cpp,
     layout/xul/base/src/tree/src/nsTreeSelection.cpp,
     toolkit/components/satchel/src/nsFormFillController.cpp,
     view/public/nsIViewObserver.h,
     view/src/nsViewManager.cpp,
     webshell/public/nsILinkHandler.h,
     widget/public/nsEvent.h,
     widget/public/nsGUIEvent.h,
     widget/public/nsIEventListener.h,
     widget/public/nsIWidget.h,
     widget/src/beos/nsWindow.cpp,
     widget/src/cocoa/nsChildView.mm,
     widget/src/cocoa/nsCocoaWindow.mm,
     widget/src/cocoa/nsMenuBarX.cpp,
     widget/src/cocoa/nsMenuItemX.cpp,
     widget/src/cocoa/nsMenuX.cpp,
     widget/src/gtk/nsGtkEventHandler.cpp,
     widget/src/gtk/nsWidget.cpp,
     widget/src/gtk/nsWindow.cpp,
     widget/src/gtk2/nsCommonWidget.cpp,
     widget/src/gtk2/nsWindow.cpp,
     widget/src/mac/nsMacControl.cpp,
     widget/src/mac/nsMacEventHandler.cpp,
     widget/src/mac/nsMacWindow.cpp,
     widget/src/mac/nsMenuBarX.cpp,
     widget/src/mac/nsMenuX.cpp,
     widget/src/mac/nsWindow.cpp,
     widget/src/os2/nsFrameWindow.cpp,
     widget/src/os2/nsWindow.cpp,
     widget/src/photon/nsWidget.cpp,
     widget/src/photon/nsWidget.h,
     widget/src/photon/nsWindow.cpp,
     widget/src/windows/nsNativeDragTarget.cpp,
     widget/src/windows/nsWindow.cpp,
     widget/src/xlib/nsAppShell.cpp,
     widget/src/xlib/nsWidget.cpp,
     widget/src/xlib/nsWindow.cpp,
     xpfe/appshell/src/nsWebShellWindow.cpp,
     xpfe/appshell/src/nsXULWindow.cpp: Huge patch from bz#289940 to fix
     MFSA2005-45: "Content-generated event vulnerabilities" aka
     CAN-2005-2260.
   * content/base/src/nsContentUtils.cpp,
     dom/public/idl/events/nsIDOMNSEventTarget.idl: Fixes for the above
     patch.
   * content/xbl/src/nsXBLBinding.cpp: Patch from bz#292591 to fix
     MFSA2005-46: "XBL scripts ran even when Javascript disabled" aka
     CAN-2005-2261.
   * browser/base/content/browser.js,
     browser/base/content/setWallpaper.xul: Patch from bz#292737 to fix
     MFSA2005-47: "Code execution via "Set as Wallpaper"", aka
     CAN-2005-2262.
   * xpinstall/src/nsJSInstallTriggerGlobal.cpp,
     xpinstall/src/nsXPITriggerInfo.h,
     xpinstall/src/nsXPITriggerInfo.cpp: Patch from bz#293331 to fix
     MFSA2005-48: "Same-origin violation with InstallTrigger callback"
     aka CAN-2005-2263.
   * browser/base/content/browser.js: Patch from bz#294074 to fix
     MFSA2005-49: "Script injection from Firefox sidebar panel using
     data:" aka CAN-2005-2264.
   * xpinstall/src/nsJSInstall.cpp,
     xpinstall/src/nsJSWinProfile.cpp,
     xpinstall/src/nsJSInstallTriggerGlobal.cpp,
     xpinstall/src/nsJSInstallVersion.cpp,
     xpinstall/src/nsJSFile.cpp,
     xpinstall/src/nsJSWinReg.cpp,
     xpinstall/src/nsJSFileSpecObj.cpp: Patches from bz#295854 to fix
     MFSA2005-50: "Possibly exploitable crash in
     InstallVersion.compareTo" aka CAN-2005-2265.
   * content/html/document/src/nsHTMLDocument.cpp: Patch from bz#296830
     to fix MFSA2005-52: "Same origin violation: frame calling
     top.focus()" aka CAN-2005-2266.
   * browser/base/content/browser.js,
     docshell/base/nsDocShell.cpp,
     docshell/base/nsDocShell.h,
     docshell/base/nsIDocShellLoadInfo.idl,
     docshell/base/nsIWebNavigation.idl: Patch from bz#298255 for
     MFSA2005-53: "Standalone applications can run arbitrary code
     through the browser" aka CAN-2005-2267.
   * dom/src/base/nsGlobalWindow.cpp: Patch from bz#298934 for
     MFSA2005-54: "Javascript prompt origin spoofing" aka CAN-2005-2268.
   * browser/base/content/browser.js,
     browser/base/content/utilityOverlay.js,
     toolkit/components/help/content/help.js,
     xpfe/communicator/resources/content/contentAreaUtils.js,
     xpfe/communicator/resources/content/contentAreaClick.js,
     xpfe/communicator/resources/content/nsContextMenu.js: Patches from
     bz#298892 to fix MFSA2005-55: "XHTML node spoofing" aka
     CAN-2005-2269.
   * js/src/xpconnect/src/XPCDispObject.cpp,
     js/src/xpconnect/src/XPCIDispatchExtension.cpp,
     js/src/xpconnect/src/xpccomponents.cpp,
     js/src/xpconnect/src/xpcjsruntime.cpp,
     js/src/xpconnect/src/xpcprivate.h,
     js/src/xpconnect/src/xpcwrappednativeinfo.cpp,
     js/src/xpconnect/src/xpcwrappednativejsops.cpp,
     js/src/xpconnect/src/xpcwrappednativescope.cpp: Patch from
     bz#294795 to partially fix MFSA2005-56: "Code execution through
     shared function objects" aka CAN-2005-2270.
   * js/src/jsobj.c,
     js/src/jsregexp.c: Apply patches from bz#296397 to fix the rest of
     CAN-2005-2270.
Files:
 a5cf2fc8bc04662e6c192c15666011e4 1001 web optional mozilla-firefox_1.0.4-2sarge2.dsc
 45e66f5ddde0d5c016fd15268da0e522 285974 web optional mozilla-firefox_1.0.4-2sarge2.diff.gz
 54e66239bff8195d09a76a8b0c65e096 8887610 web optional mozilla-firefox_1.0.4-2sarge2_i386.deb
 e40d4387cdf627df5706e8a83f39640d 156664 web optional mozilla-firefox-dom-inspector_1.0.4-2sarge2_i386.deb
 3bc7062690df1334a92eeeae36819ea0 53906 web optional mozilla-firefox-gnome-support_1.0.4-2sarge2_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFC/xY+W5ql+IAeqTIRAicxAJ4jEgpSE78a9TMj+Ak4n/QFdAyjMACePcBj
U8CHa7WKezKU59a8iNp8Q4o=
=yf3x
-----END PGP SIGNATURE-----

Accepted:
mozilla-firefox-dom-inspector_1.0.4-2sarge2_i386.deb
  to pool/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge2_i386.deb
mozilla-firefox-gnome-support_1.0.4-2sarge2_i386.deb
  to pool/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge2_i386.deb
mozilla-firefox_1.0.4-2sarge2.diff.gz
  to pool/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge2.diff.gz
mozilla-firefox_1.0.4-2sarge2.dsc
  to pool/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge2.dsc
mozilla-firefox_1.0.4-2sarge2_i386.deb
  to pool/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge2_i386.deb