-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Sun, 25 Sep 2005 02:32:14 -0400
Source: mozilla-firefox
Binary: mozilla-firefox mozilla-firefox-gnome-support mozilla-firefox-dom-inspector
Architecture: source i386
Version: 1.0.4-2sarge5
Distribution: stable-security
Urgency: critical
Maintainer: Eric Dorland <eric@debian.org>
Changed-By: Eric Dorland <eric@debian.org>
Description:
 mozilla-firefox - lightweight web browser based on Mozilla
 mozilla-firefox-dom-inspector - tool for inspecting the DOM of pages in Mozilla Firefox
 mozilla-firefox-gnome-support - Support for Gnome in Mozilla Firefox
Closes: 327452
Changes:
 mozilla-firefox (1.0.4-2sarge5) stable-security; urgency=critical
 .
   * Fixes for MFSA-2005-58 taken from CVS, which comprises the following
     issues (Thanks to Alexander Sack and Noah Meyerhans):
     * layout/html/base/src/nsTextTransformer.cpp,
       content/shared/src/nsBidiUtils.cpp: Fix for "Crash on 'zero-width
       non-joiner' sequence", aka CAN-2005-2702, bz#296134.
     * netwerk/protocol/http/src/nsHttpChannel.cpp,
       extensions/xmlextras/base/src/nsXMLHttpRequest.cpp: Fix for
       "XMLHttpRequest header spoofing", aka CAN-2005-2703, bz#297078 and
       bz#302263.
     * content/xbl/src/nsXBLContentSink.cpp: Fix for "Object spoofing using
       XBL <implements>", aka CAN-2005-2704, bz#299518.
     * modules/libpr0n/decoders/xbm/nsXBMDecoder.h,
       modules/libpr0n/decoders/xbm/nsXBMDecoder.cpp: Fix for "Heap overrun
       in XBM image processing", aka CAN-2005-2701, bz#300936.
     * dom/src/base/nsGlobalWindow.h, dom/src/base/nsGlobalWindow.cpp,
       embedding/components/windowwatcher/public/nsIWindowWatcher.idl,
       embedding/components/windowwatcher/public/nsPIWindowWatcher.idl:
       Fix for "Chrome window spoofing", aka CAN-2005-2707, bz#306804.
     * js/src/jsstr.c: Fix "JavaScript integer overflow", aka
       CAN-2005-2705, bz#303213.
     * netwerk/protocol/about/src/nsAboutRedirector.cpp,
       caps/src/nsScriptSecurityManager.cpp: Fix for "Privilege escalation
       using about: scheme", aka CAN-2005-2706, bz#304754 and bz#306261.
 .
   * netwerk/base/src/nsStandardURL.h, netwerk/base/src/nsStandardURL.cpp:
     Fix for MFSA-2005-57 "IDN heap overrun", aka CAN-2005-2871. This is a
     better fix than was provided in 1.0.4-2sarge4. (Closes: #327452)
 .
   * browser/app/mozilla.in, webshell/tests/viewer/mozilla-viewer.sh,
     xpfe/bootstrap/mozilla.in: Fix for MFSA-2005-59 " Command-line
     handling on Linux allows shell execution", aka CAN-2005-2968,
     bz#307185. The Debian packages do not use these scripts so is not
     affected by this advisory, but the files are in the source package,
     so better safe than sorry.
Files:
 bf9cf2b7106335cccc2afb10f6386c57 1001 web optional mozilla-firefox_1.0.4-2sarge5.dsc
 d3f81e09a762be3c51aa20655ada5d32 332598 web optional mozilla-firefox_1.0.4-2sarge5.diff.gz
 795a6aa3ca33a5e328e863612ceb0ac3 8891730 web optional mozilla-firefox_1.0.4-2sarge5_i386.deb
 5e5d92e6c30a1d677edcc2fd9beb1861 157566 web optional mozilla-firefox-dom-inspector_1.0.4-2sarge5_i386.deb
 885991c2f4580f06f12ba1cc6ff456ac 54820 web optional mozilla-firefox-gnome-support_1.0.4-2sarge5_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)

iD8DBQFDNllfYemOzxbZcMYRAo2AAKC0IxS9kX+Luz6i/n9DSZ7syBo7swCgiKiE
z5Tu07Zf2DWrG481ChTuTpA=
=RwAR
-----END PGP SIGNATURE-----

Accepted:
mozilla-firefox-dom-inspector_1.0.4-2sarge5_i386.deb
  to pool/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge5_i386.deb
mozilla-firefox-gnome-support_1.0.4-2sarge5_i386.deb
  to pool/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge5_i386.deb
mozilla-firefox_1.0.4-2sarge5.diff.gz
  to pool/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge5.diff.gz
mozilla-firefox_1.0.4-2sarge5.dsc
  to pool/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge5.dsc
mozilla-firefox_1.0.4-2sarge5_i386.deb
  to pool/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge5_i386.deb