diff -r b77b8588484c -r 50b5cb1f2b86 MozillaFirefox/MozillaFirefox.changes --- a/MozillaFirefox/MozillaFirefox.changes Mon Nov 08 14:44:40 2010 +0100 +++ b/MozillaFirefox/MozillaFirefox.changes Thu Nov 11 12:54:25 2010 +0100 
@@ -1,3 +1,153 @@ +------------------------------------------------------------------- +Wed Oct 27 07:12:14 CEST 2010 - wr@rosenauer.org + +- security update to 3.6.12 (bnc#649492) + * MFSA 2010-73/CVE-2010-3765 (bmo#607222) + Heap buffer overflow mixing document.write and DOM insertion + +------------------------------------------------------------------- +Wed Oct 6 07:13:52 CEST 2010 - wr@rosenauer.org + +- security update to 3.6.11 (bnc#645315) + * MFSA 2010-64/CVE-2010-3174/CVE-2010-3175/CVE-2010-3176 + Miscellaneous memory safety hazards + * MFSA 2010-65/CVE-2010-3179 (bmo#583077) + Buffer overflow and memory corruption using document.write + * MFSA 2010-66/CVE-2010-3180 (bmo#588929) + Use-after-free error in nsBarProp + * MFSA 2010-67/CVE-2010-3183 (bmo#598669) + Dangling pointer vulnerability in LookupGetterOrSetter + * MFSA 2010-68/CVE-2010-3177 (bmo#556734) + XSS in gopher parser when parsing hrefs + * MFSA 2010-69/CVE-2010-3178 (bmo#576616) + Cross-site information disclosure via modal calls + * MFSA 2010-70/CVE-2010-3170 (bmo#578697) + SSL wildcard certificate matching IP addresses + * MFSA 2010-71/CVE-2010-3182 (bmo#590753) + Unsafe library loading vulnerabilities + * MFSA 2010-72/CVE-2010-3173 + Insecure Diffie-Hellman key exchange + +------------------------------------------------------------------- +Wed Sep 15 07:39:22 CEST 2010 - wr@rosenauer.org + +- update to 3.6.10 + * fixing startup topcrash (bmo#594699) + +------------------------------------------------------------------- +Thu Aug 26 07:40:28 CEST 2010 - wr@rosenauer.org + +- security update to 3.6.9 (bnc#637303) + * MFSA 2010-49/CVE-2010-3169 + Miscellaneous memory safety hazards + * MFSA 2010-50/CVE-2010-2765 (bmo#576447) + Frameset integer overflow vulnerability + * MFSA 2010-51/CVE-2010-2767 (bmo#584512) + Dangling pointer vulnerability using DOM plugin array + * MFSA 2010-53/CVE-2010-3166 (bmo#579655) + Heap buffer overflow in nsTextFrameUtils::TransformText + * MFSA 
2010-54/CVE-2010-2760 (bmo#585815) + Dangling pointer vulnerability in nsTreeSelection + * MFSA 2010-55/CVE-2010-3168 (bmo#576075) + XUL tree removal crash and remote code execution + * MFSA 2010-56/CVE-2010-3167 (bmo#576070) + Dangling pointer vulnerability in nsTreeContentView + * MFSA 2010-57/CVE-2010-2766 (bmo#580445) + Crash and remote code execution in normalizeDocument + * MFSA 2010-59/CVE-2010-2762 (bmo#584180) + SJOW creates scope chains ending in outer object + * MFSA 2010-61/CVE-2010-2768 (bmo#579744) + UTF-7 XSS by overriding document charset using type + attribute + * MFSA 2010-62/CVE-2010-2769 (bmo#520189) + Copy-and-paste or drag-and-drop into designMode document allows + XSS + * MFSA 2010-63/CVE-2010-2764 (bmo#552090) + Information leak via XMLHttpRequest statusText + +------------------------------------------------------------------- +Wed Jul 28 08:33:14 CEST 2010 - meissner@suse.de + +- disable crash reporter for non x86/x86_64 to make it build. + +------------------------------------------------------------------- +Sat Jul 24 12:42:58 CEST 2010 - wr@rosenauer.org + +- security update to 3.6.8 (bnc#622506) + * MFSA 2010-48/CVE-2010-2755 (bmo#575836) + Dangling pointer crash regression from plugin parameter array + fix + +------------------------------------------------------------------- +Fri Jul 16 06:48:44 CEST 2010 - wr@rosenauer.org + +- security update to 3.6.7 (bnc#622506) + * MFSA 2010-34/CVE-2010-1211/CVE-2010-1212 + Miscellaneous memory safety hazards + * MFSA 2010-35/CVE-2010-1208 (bmo#572986) + DOM attribute cloning remote code execution vulnerability + * MFSA 2010-36/CVE-2010-1209 (bmo#552110) + Use-after-free error in NodeIterator + * MFSA 2010-37/CVE-2010-1214 (bmo#572985) + Plugin parameter EnsureCachedAttrParamArrays remote code + execution vulnerability + * MFSA 2010-38/CVE-2010-1215 (bmo#567069) + Arbitrary code execution using SJOW and fast native function + * MFSA 2010-39/CVE-2010-2752 (bmo#574059) + nsCSSValue::Array index 
integer overflow + * MFSA 2010-40/CVE-2010-2753 (bmo#571106) + nsTreeSelection dangling pointer remote code execution + vulnerability + * MFSA 2010-41/CVE-2010-1205 (bmo#570451) + Remote code execution using malformed PNG image + * MFSA 2010-42/CVE-2010-1213 (bmo#568148) + Cross-origin data disclosure via Web Workers and importScripts + * MFSA 2010-43/CVE-2010-1207 (bmo#571287) + Same-origin bypass using canvas context + * MFSA 2010-44/CVE-2010-1210 (bmo#564679) + Characters mapped to U+FFFD in 8 bit encodings cause subsequent + character to vanish + * MFSA 2010-45/CVE-2010-1206/CVE-2010-2751 (bmo#536466,556957) + Multiple location bar spoofing vulnerabilities + * MFSA 2010-46/CVE-2010-0654 (bmo#524223) + Cross-domain data theft using CSS + * MFSA 2010-47/CVE-2010-2754 (bmo#568564) + Cross-origin data leakage from script filename in error messages + +------------------------------------------------------------------- +Sun Jun 27 20:24:31 CEST 2010 - wr@rosenauer.org + +- update to 3.6.6 release + * modifies the crash protection feature to increase the amount + of time that plugins are allowed to be non-responsive before + being terminated. 
+ +------------------------------------------------------------------- +Wed Jun 23 14:40:35 CEST 2010 - wr@rosenauer.org + +- update to final 3.6.4 release (bnc#603356) + * MFSA 2010-26/CVE-2010-1200/CVE-2010-1201/CVE-2010-1202/ + CVE-2010-1203 + Crashes with evidence of memory corruption (rv:1.9.2.4) + * MFSA 2010-28/CVE-2010-1198 (bmo#532246) + Freed object reuse across plugin instances + * MFSA 2010-29/CVE-2010-1196 (bmo#534666) + Heap buffer overflow in nsGenericDOMDataNode::SetTextInternal + * MFSA 2010-30/CVE-2010-1199 (bmo#554255) + Integer Overflow in XSLT Node Sorting + * MFSA 2010-31/CVE-2010-1125 (bmo#552255) + focus() behavior can be used to inject or steal keystrokes + * MFSA 2010-32/CVE-2010-1197 (bmo#537120) + Content-Disposition: attachment ignored if + Content-Type: multipart also present + * MFSA 2010-33/CVE-2008-5913 (bmo#475585) + User tracking across sites using Math.random() + +------------------------------------------------------------------- +Mon Jun 7 07:07:33 CEST 2010 - wr@rosenauer.org + +- update to 3.6.4(build6) + ------------------------------------------------------------------- Sun Apr 18 09:42:40 CEST 2010 - wr@rosenauer.org
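Review bot: The 3.6.8 (Sat Jul 24) and 3.6.7 (Fri Jul 16) entries both cite bnc#622506; if 3.6.8 was tracked under its own Bugzilla entry the reference should be corrected, otherwise a short remark that the earlier bug was reused would help anyone auditing which update closed which report. In the 3.6.9 entry the MFSA list skips 2010-52, 2010-58 and 2010-60, and the 3.6.4 entry skips 2010-27; state in the entry whether those advisories are deliberately left out, so the changelog can be used to check CVE coverage. The 3.6.4 entry also carries a full MFSA/CVE list but is titled "update to final 3.6.4 release" rather than "security update to ...", which makes it easy to miss when filtering the changelog for security updates, and the Jul 28 "disable crash reporter" entry has no bug reference.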