Cite advisory from mozilla.org: "Fixes for security problems in the JavaScript engine described in MFSA 2008-15 (CVE-2008-1237) introduced a stability problem, where some users experienced crashes during JavaScript garbage collection. This is being fixed primarily to address stability concerns. We have no demonstration that this particular crash is exploitable but are issuing this advisory because some crashes of this type have been shown to be exploitable in the past."
=www-client/mozilla-firefox[-bin]-2.0.0.14 =net-libs/xulrunner-1.8.1.14 In the tree seamonkey-1.1.10 is not released yet, and thunderbird either
Arches, please test and mark stable: =www-client/mozilla-firefox-2.0.0.14 Target keywords : "alpha amd64 arm hppa ia64 ppc ppc64 release sparc x86" =www-client/mozilla-firefox-bin-2.0.0.14 Target keywords : "amd64 release x86" =net-libs/xulrunner-1.8.1.14 Target keywords : "alpha amd64 arm hppa ia64 ppc ppc64 release sparc x86"
Both stable for HPPA. Probably need to stay on board for seamonkey (if not please tell).
alpha/ia64/sparc/x86 stable
amd64 stable
ppc64 stable
No seamonkey-1.1.10 yet?
ppc stable, ready for glsa.
Fixed in release snapshot.
According to this blog entry, Seamonkey upstream has decided not to release 1.1.10 anytime soon: http://home.kairo.at/blog/2008-04/weekly_status_report_w17_2008_w15_w16 Raul has committed the patch to fix this vulnerability in www-client/seamonkey-1.1.9-r1. There are no updates to www-client/seamonkey-bin due to the nature of being upstream builds.
Arches, please test and mark stable: =www-client/seamonkey-1.1.9-r1 Target keywords : "alpha amd64 arm hppa ia64 ppc ppc64 release sparc x86"
alpha/ia64/sparc stable
x86 stable
Stable for HPPA.
ppc stable
GLSA 200805-18, but we will have to leave this open until it is fixed for seamonkey-bin.
Fixed via bug 230567
GLSA 200808-03