2.0.0.13 fixes (among others) 2 critical vulnerabilities, see http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox2.0.0.13.

Comment 2 Raúl Porcel (RETIRED) 2008-03-26 13:54:30 UTC

=www-client/mozilla-firefox[-bin]-2.0.0.13
=net-libs/xulrunner-1.8.1.13
=www-client/seamonkey[-bin]-1.1.9

in the tree

Comment 3 Robert Buchholz (RETIRED) 2008-03-26 20:49:56 UTC

Arches, please test and mark stable:
=www-client/mozilla-firefox-2.0.0.13
Target keywords : "alpha amd64 arm hppa ia64 ppc ppc64 release sparc x86"

=www-client/mozilla-firefox-bin-2.0.0.13
Target keywords : "amd64 release x86"

=www-client/seamonkey-1.1.9
Target keywords : "alpha amd64 arm hppa ia64 ppc ppc64 release sparc x86"

=www-client/seamonkey-bin-1.1.9
Target keywords : "amd64 release x86"

=net-libs/xulrunner-1.8.1.13
Target keywords : "alpha amd64 arm hppa ia64 ppc ppc64 release sparc x86"

Comment 4 Robert Buchholz (RETIRED) 2008-03-26 20:51:53 UTC

Raul, please note that as long as it's not p.masked, xulrunner-bin also needs to be upgraded.

Comment 5 Markus Meier 2008-03-27 00:03:23 UTC

amd64/x86 stable

Comment 6 Robert Buchholz (RETIRED) 2008-03-27 02:12:05 UTC

(In reply to comment #4)
> Raul, please note that as long as it's not p.masked, xulrunner-bin also needs
> to be upgraded.

*xulrunner-bin-1.8.1.13 (26 Mar 2008)

  26 Mar 2008; Raúl Porcel <armin76@gentoo.org>
  xulrunner-bin-1.8.1.12.ebuild, +xulrunner-bin-1.8.1.13.ebuild:
  Version bump

Comment 7 Raúl Porcel (RETIRED) 2008-03-27 12:26:22 UTC

alpha/ia64/sparc stable

Comment 8 Brent Baude (RETIRED) 2008-03-27 16:42:07 UTC

ppc and ppc64 done

Comment 9 Robert Buchholz (RETIRED) 2008-03-27 20:46:18 UTC

Description:
CVE-2008-1233 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1233):
  Unspecified vulnerability in Mozilla Firefox before 2.0.0.13, Thunderbird
  before 2.0.0.13, and SeaMonkey before 1.1.9 allows remote attackers to
  execute arbitrary code via "XPCNativeWrapper pollution."

CVE-2008-1234 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1234):
  Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 2.0.0.13,
  Thunderbird before 2.0.0.13, and SeaMonkey before 1.1.9 allows remote
  attackers to inject arbitrary web script or HTML via event handlers, aka
  "Universal XSS using event handlers."

CVE-2008-1235 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1235):
  Unspecified vulnerability in Mozilla Firefox before 2.0.0.13, Thunderbird
  before 2.0.0.13, and SeaMonkey before 1.1.9 allows remote attackers to
  execute arbitrary code via unknown vectors that cause JavaaScript to execute
  with the wrong principal, aka "Privilege escalation via incorrect principals."

CVE-2008-1236 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1236):
  Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.13,
  Thunderbird before 2.0.0.13, and SeaMonkey before 1.1.9 allow remote
  attackers to cause a denial of service (crash) and possibly execute arbitrary
  code via unknown vectors related to the layout engine.

CVE-2008-1237 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1237):
  Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.13,
  Thunderbird before 2.0.0.13, and SeaMonkey before 1.1.9 allow remote
  attackers to cause a denial of service (crash) and possibly execute arbitrary
  code via unknown vectors related to the JavaScript engine.

CVE-2008-1238 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1238):
  Mozilla Firefox before 2.0.0.13 and SeaMonkey before 1.1.9, when generating
  the HTTP Referer header, does not list the entire URL when it contains Basic
  Authentication credentials without a username, which makes it easier for
  remote attackers to bypass application protection mechanisms that rely on
  Referer headers, such as with some Cross-Site Request Forgery (CSRF)
  mechanisms.

CVE-2008-1241 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1241):
  GUI overlay vulnerability in Mozilla Firefox before 2.0.0.13 and SeaMonkey
  before 1.1.9 allows remote attackers to spoof form elements and redirect user
  inputs via a borderless XUL pop-up window from a background tab.

Comment 10 Jeroen Roovers (RETIRED) 2008-03-28 05:03:21 UTC

Marked stable for HPPA:
  =www-client/mozilla-firefox-2.0.0.13
  =net-libs/xulrunner-1.8.1.13
  =www-client/seamonkey-1.1.9

None of these passes the Acid3 test, btw. ;-)

Comment 11 Peter Volkov (RETIRED) 2008-03-28 08:09:28 UTC

Fixed in release snapshot.

Comment 12 Robert Buchholz (RETIRED) 2008-03-29 19:48:52 UTC

GLSA is filed, waiting for Thunderbird :-/

Comment 13 Vlastimil Babka (Caster) (RETIRED) 2008-05-01 23:07:25 UTC

*** Bug 219983 has been marked as a duplicate of this bug. ***

Comment 14 Robert Buchholz (RETIRED) 2008-05-02 09:36:13 UTC

As pointed out in the duplicate (see comment 13), Thunderbird 2.0.0.14 has been released.

Comment 15 Raúl Porcel (RETIRED) 2008-05-02 14:28:43 UTC

mail-client/mozilla-thunderbird[-bin]-2.0.0.14 in the tree

Comment 16 Tobias Heinlein (RETIRED) 2008-05-03 10:47:10 UTC

Arches, please test and mark stable:
=mozilla-thunderbird-2.0.0.14
Target keywords: "alpha amd64 ia64 ppc ppc64 release sparc x86"

=mozilla-thunderbird-bin-2.0.0.14
Target keywords: "amd64 release x86"

Comment 17 Hanno Böck 2008-05-03 23:30:21 UTC

CC-in archs for thunderbird stabilization.

Comment 18 Markus Meier 2008-05-04 13:30:12 UTC

amd64/x86 stable

Comment 19 Raúl Porcel (RETIRED) 2008-05-04 13:44:16 UTC

alpha/ia64/sparc stable

Comment 20 Markus Rothe (RETIRED) 2008-05-05 11:48:50 UTC

ppc64 stable

Comment 21 Brent Baude (RETIRED) 2008-05-05 14:08:11 UTC

ppc done

Comment 22 Robert Buchholz (RETIRED) 2008-05-20 21:20:14 UTC

GLSA 200805-18, sorry for the delay