MFSA 2011-10 CSRF risk with plugins and 307 redirects CVE-2011-0059 https://www.mozilla.org/security/announce/2011/mfsa2011-10.html MFSA 2011-09 Crash caused by corrupted JPEG image CVE-2011-0061 https://www.mozilla.org/security/announce/2011/mfsa2011-09.html MFSA 2011-08 ParanoidFragmentSink allows javascript: URLs in chrome documents CVE-2010-1585 https://www.mozilla.org/security/announce/2011/mfsa2011-08.html MFSA 2011-07 Memory corruption during text run construction (Windows) CVE-2011-0058 https://www.mozilla.org/security/announce/2011/mfsa2011-07.html ** This headline indicates this vulnerability is only present on Windows, but ** I don't have access to details to support that. MFSA 2011-06 Use-after-free error using Web Workers CVE-2011-0057 https://www.mozilla.org/security/announce/2011/mfsa2011-06.html MFSA 2011-05 Buffer overflow in JavaScript atom map CVE-2011-0056 https://www.mozilla.org/security/announce/2011/mfsa2011-05.html MFSA 2011-04 Buffer overflow in JavaScript upvarMap CVE-2011-0054 https://www.mozilla.org/security/announce/2011/mfsa2011-04.html MFSA 2011-03 Use-after-free error in JSON.stringify CVE-2011-0055 https://www.mozilla.org/security/announce/2011/mfsa2011-03.html MFSA 2011-02 Recursive eval call causes confirm dialogs to evaluate to true CVE-2011-0051 https://www.mozilla.org/security/announce/2011/mfsa2011-02.html MFSA 2011-01 Miscellaneous memory safety hazards (rv:1.9.2.14/ 1.9.1.17) CVE-2011-0053 CVE-2011-0062 https://www.mozilla.org/security/announce/2011/mfsa2011-01.html
*** Bug 357119 has been marked as a duplicate of this bug. ***
*** This bug has been marked as a duplicate of bug 357117 ***
err dup'd wrong bug.
*** Bug 357117 has been marked as a duplicate of this bug. ***
*** Bug 357263 has been marked as a duplicate of this bug. ***
We will not proceed with this version, a new releases is being rolled that will be out friday, there are too many issues with this releases to land it in the tree.
*** Bug 357551 has been marked as a duplicate of this bug. ***
thunderbird{-bin}-3.1.9, xulrunner-1.9.2.15, firefox{-bin}-3.6.15 , seamonkey{-bin}-2.0.12, and icecat-3.6.15 are all in the tree, feel free to bring archs in to stabilize.
Arches, please test and mark stable: =mail-client/thunderbird-3.1.9 Target keywords : "alpha amd64 ia64 ppc ppc64 sparc x86" =mail-client/thunderbird-bin-3.1.9 Target keywords : "amd64 x86" =www-client/firefox-3.6.15 Target keywords : "alpha amd64 arm hppa ia64 ppc ppc64 sparc x86" =www-client/firefox-bin-3.6.15 Target keywords : "amd64 x86" =www-client/seamonkey-2.0.12 Target keywords : "alpha amd64 arm hppa ia64 ppc ppc64 sparc x86" =www-client/seamonkey-bin-2.0.12 Target keywords : "amd64 x86" =net-libs/xulrunner-1.9.2.15 Target keywords : "alpha amd64 arm hppa ia64 ppc ppc64 sparc x86" =www-client/icecat-3.6.15 Target keywords : "amd64 ppc ppc64 x86"
when i open all programs i see: $PROGRAM could not install this item because "install.rdf" (provided by the item) is not well-formed or does not exist. Please contact the author about this problem. but they run. This warning can be dangerous?
Tested on SPARC, both firefox-3.6.15 and xulrunner-1.9.2.15 still exhibit crashes, cannot stabilise at all. I know I've been told that someone needs to debug the program on SPARC, but the fact that the same software works on x86 and PPC makes me wonder if there's some kind of miscompilation going on within GCC.
amd64 done
The original summary for this bug was longer than 255 characters, and so it was truncated when Bugzilla was upgraded. The original summary was: <www-client/firefox{,-bin}-3.6.15, <mail-client/thunderbird{,-bin}-3.1.9, <www-client/seamonkey{,-bin}-2.0.12, <www-client/icecat-3.6.15, <net-libs/xulrunner-1.9.2.15: Multiple Vulnerabilities (CVE-2010-1585, CVE-2011-{0051,0053,0054,0055,0056,0057,0058,0059,0061,0062})
Stable for HPPA.
ppc/ppc64 stable
x86 done. Thanks fellows.
arm stable
alpha/ia64/sparc done, sparc will pass on xulrunner and firefox since it sigbuses(so does 3.6.13)
Thank you, everyone. Added to existing GLSA request.
nothing for mozilla team here.
remove mozilla from cc, if needed add us back.
CVE-2010-1585 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1585): The nsIScriptableUnescapeHTML.parseFragment method in the ParanoidFragmentSink protection mechanism in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, Thunderbird before 3.1.8, and SeaMonkey before 2.0.12 does not properly sanitize HTML in a chrome document, which makes it easier for remote attackers to execute arbitrary JavaScript with chrome privileges via a javascript: URI in input to an extension, as demonstrated by a javascript:alert sequence in (1) the HREF attribute of an A element or (2) the ACTION attribute of a FORM element.
This issue was resolved and addressed in GLSA 201301-01 at http://security.gentoo.org/glsa/glsa-201301-01.xml by GLSA coordinator Sean Amoss (ackle).