Firefox 2.0.0.13 is out, security fixes as usual.
2.0.0.13 fixes (among others) 2 critical vulnerabilities, see http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox2.0.0.13.
=www-client/mozilla-firefox[-bin]-2.0.0.13 =net-libs/xulrunner-1.8.1.13 =www-client/seamonkey[-bin]-1.1.9 in the tree
Arches, please test and mark stable:
=www-client/mozilla-firefox-2.0.0.13
Target keywords : "alpha amd64 arm hppa ia64 ppc ppc64 release sparc x86"
=www-client/mozilla-firefox-bin-2.0.0.13
Target keywords : "amd64 release x86"
=www-client/seamonkey-1.1.9
Target keywords : "alpha amd64 arm hppa ia64 ppc ppc64 release sparc x86"
=www-client/seamonkey-bin-1.1.9
Target keywords : "amd64 release x86"
=net-libs/xulrunner-1.8.1.13
Target keywords : "alpha amd64 arm hppa ia64 ppc ppc64 release sparc x86"
Raul, please note that as long as it's not p.masked, xulrunner-bin also needs to be upgraded.
amd64/x86 stable
(In reply to comment #4)
> Raul, please note that as long as it's not p.masked, xulrunner-bin also needs
> to be upgraded.
*xulrunner-bin-1.8.1.13 (26 Mar 2008)
  26 Mar 2008; Raúl Porcel <armin76@gentoo.org>
  xulrunner-bin-1.8.1.12.ebuild, +xulrunner-bin-1.8.1.13.ebuild:
  Version bump
alpha/ia64/sparc stable
ppc and ppc64 done
Description:
CVE-2008-1233 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1233): Unspecified vulnerability in Mozilla Firefox before 2.0.0.13, Thunderbird before 2.0.0.13, and SeaMonkey before 1.1.9 allows remote attackers to execute arbitrary code via "XPCNativeWrapper pollution."
CVE-2008-1234 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1234): Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 2.0.0.13, Thunderbird before 2.0.0.13, and SeaMonkey before 1.1.9 allows remote attackers to inject arbitrary web script or HTML via event handlers, aka "Universal XSS using event handlers."
CVE-2008-1235 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1235): Unspecified vulnerability in Mozilla Firefox before 2.0.0.13, Thunderbird before 2.0.0.13, and SeaMonkey before 1.1.9 allows remote attackers to execute arbitrary code via unknown vectors that cause JavaScript to execute with the wrong principal, aka "Privilege escalation via incorrect principals."
CVE-2008-1236 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1236): Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.13, Thunderbird before 2.0.0.13, and SeaMonkey before 1.1.9 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors related to the layout engine.
CVE-2008-1237 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1237): Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.13, Thunderbird before 2.0.0.13, and SeaMonkey before 1.1.9 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors related to the JavaScript engine.
CVE-2008-1238 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1238): Mozilla Firefox before 2.0.0.13 and SeaMonkey before 1.1.9, when generating the HTTP Referer header, does not list the entire URL when it contains Basic Authentication credentials without a username, which makes it easier for remote attackers to bypass application protection mechanisms that rely on Referer headers, such as with some Cross-Site Request Forgery (CSRF) mechanisms.
CVE-2008-1241 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1241): GUI overlay vulnerability in Mozilla Firefox before 2.0.0.13 and SeaMonkey before 1.1.9 allows remote attackers to spoof form elements and redirect user inputs via a borderless XUL pop-up window from a background tab.
Marked stable for HPPA:
=www-client/mozilla-firefox-2.0.0.13
=net-libs/xulrunner-1.8.1.13
=www-client/seamonkey-1.1.9
None of these passes the Acid3 test, btw. ;-)
Fixed in release snapshot.
GLSA is filed, waiting for Thunderbird :-/
*** Bug 219983 has been marked as a duplicate of this bug. ***
As pointed out in the duplicate (see comment 13), Thunderbird 2.0.0.14 has been released.
mail-client/mozilla-thunderbird[-bin]-2.0.0.14 in the tree
Arches, please test and mark stable:
=mozilla-thunderbird-2.0.0.14
Target keywords: "alpha amd64 ia64 ppc ppc64 release sparc x86"
=mozilla-thunderbird-bin-2.0.0.14
Target keywords: "amd64 release x86"
CC-in archs for thunderbird stabilization.
ppc64 stable
ppc done
GLSA 200805-18, sorry for the delay