MFSA 2005-44 Privilege escalation via non-DOM property overrides
MFSA 2005-43 "Wrapped" javascript: urls bypass security checks
MFSA 2005-42 Code execution via javascript: IconURL
*** This bug has been marked as a duplicate of 91859 ***
Reopening to handle stable marking for firefox and mozilla separately.
Firefox 1.0.4 already stable on ppc.
tested 1.0.4 on x86 - builds and runs with various extensions.
Stable on alpha + ia64.
Shouldn't mozilla-firefox-bin be marked stable (amd64,x86) as well?
Just a note: I think this has been there a long time, but at lines 152-153, there is no escape of the newline, so the first sed substitution never occurs and the "s:/lib/firefox... line generates extraneous errors in the emerge logfile (or to the screen). The fix would be to put that all on one line, or escape the newline.
Readding amd64 to mark -bin stable.
Stable on hppa.
Stable on x86.
x86, amd64: please test and mark mozilla-firefox-bin-1.0.4 stable.
amd64 stable
x86 there... sorry for the delay
GLSA 200505-11
arm please remember to mark stable.