| Summary: | www-client/mozilla-firefox{-bin} 1.0.5 fixes multiple vulnerabilities | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Aarni Honka <aarni.honka> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | major | CC: | ghepeu, kurt, moixa, mozilla |
| Priority: | High | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Other | | |
| URL: | http://www.mozilla.org/projects/security/known-vulnerabilities.html#Firefox | | |
| Whiteboard: | A2 [glsa] koon | | |
| Package list: | | Runtime testing required: | --- |

Description
Aarni Honka
2005-06-06 04:29:19 UTC
https://bugzilla.mozilla.org/show_bug.cgi?id=296850

Was fixed by bug 246448 in Mozilla 1.7 and remained fixed through Firefox 1.0.2

Firefox 1.0.3 and Mozilla 1.7.7 are vulnerable again

Fixed on trunk and branches as of 2005-06-08. Waiting for a release.

Mozilla released a new version today, this and several other (also critical) vulnerabilities seem to be fixed in 1.0.5.
http://www.mozilla.org/projects/security/known-vulnerabilities.html#Firefox

firefox-1.0.5 binary ebuild update. Will bump source as soon as mirrors are seeded and we have a download for it.

OK... Organizing stuff, this one is for the Firefox issues:

Fixed in Firefox 1.0.5

- MFSA 2005-56 Code execution through shared function objects
- MFSA 2005-55 XHTML node spoofing
- MFSA 2005-54 Javascript prompt origin spoofing
- MFSA 2005-53 Standalone applications can run arbitrary code through the browser
- MFSA 2005-52 Same origin violation: frame calling top.focus()
- MFSA 2005-51 The return of frame-injection spoofing
- MFSA 2005-50 Possibly exploitable crash in InstallVersion.compareTo()
- MFSA 2005-49 Script injection from Firefox sidebar panel using data:
- MFSA 2005-48 Same-origin violation with InstallTrigger callback
- MFSA 2005-47 Code execution via "Set as Wallpaper"
- MFSA 2005-46 XBL scripts ran even when Javascript disabled
- MFSA 2005-45 Content-generated event vulnerabilities

Waiting for the source ebuild.

*** Bug 98838 has been marked as a duplicate of this bug. ***

Any chance to see the enhancements of bug #86070 in the new firefox ebuild?

this is a security bump no time to add enhancements.

Source build is in portage when security team is ready we can call for archs to stabilize.

Arches please test and mark stable. Target keywords:

mozilla-firefox-1.0.5: alpha amd64 arm hppa ia64 ppc sparc x86
mozilla-firefox-bin-1.0.5: -* x86 amd64

Stable on PPC

mozilla-firefox{,-bin} stable on amd64

sparc stable.

Stable on hppa.

Stable on alpha + ia64.

stable on x86

Wouldn't it be a good idea to add a glsa so that hopefully all users will update?

Cheers
Sebastian

This one is ready for GLSA.

GLSA 200507-14

arm should mark stable to benefit from GLSA