Fixed in Firefox 1.0.5 MFSA 2005-56 Code execution through shared function objects MFSA 2005-55 XHTML node spoofing MFSA 2005-54 Javascript prompt origin spoofing MFSA 2005-53 Standalone applications can run arbitrary code through the browser MFSA 2005-52 Same origin violation: frame calling top.focus() MFSA 2005-51 The return of frame-injection spoofing MFSA 2005-50 Possibly exploitable crash in InstallVersion.compareTo() MFSA 2005-49 Script injection from Firefox sidebar panel using data: MFSA 2005-48 Same-origin violation with InstallTrigger callback MFSA 2005-47 Code execution via "Set as Wallpaper" MFSA 2005-46 XBL scripts ran even when Javascript disabled MFSA 2005-45 Content-generated event vulnerabilities
Mozilla please provide updated ebuilds. MFSA 2005-51 The return of frame-injection spoofing fixes bug #95199 MFSA 2005-54 Javascript prompt origin spoofing fixes bug #96682 Mozilla Suite is also affected: Fixed in Mozilla 1.7.9 MFSA 2005-56 Code execution through shared function objects MFSA 2005-55 XHTML node spoofing MFSA 2005-54 Javascript prompt origin spoofing MFSA 2005-52 Same origin violation: frame calling top.focus() MFSA 2005-51 The return of frame-injection spoofing MFSA 2005-50 Possibly exploitable crash in InstallVersion.compareTo() MFSA 2005-48 Same-origin violation with InstallTrigger callback MFSA 2005-46 XBL scripts ran even when Javascript disabled MFSA 2005-45 Content-generated event vulnerabilities And according to one of the advisories some issues apply to Thunderbird as as well and is fixed in 1.0.5 (ie MFSA 2005-46) but there it is still not listed on the security page.
We'll keep this one for Mozila suite only.
*** Bug 96682 has been marked as a duplicate of this bug. ***
Mozilla team, please bump both mozilla and mozilla-bin to 1.7.9
Oops. Sorry, apparently it's not out yet. Got confused by their advisories.
Mozilla Suite 1.7.10 released. Mozilla team, please bump - thx!
I have commited the ebuild. Aron wants to make some changes before we move forward so we do not have conflict of files. Soon as that is done will be able to roll out for stable testing I believe.
aight this is ready for testing if we can move for ~arch testing for would appreciate. If all goes well we could call for stable tomorrow morning, after agriffis, az and anyone else in mozilla herd has had a chance to discuss this.
You need to CC the arches that need to test it... I'm adding them now
mozilla does not work on mips, removing mips from CC
It seems mozilla-bin-1.7.10 has not been committed yet.
Removing arches, the -bin ebuild is missing and the other one seems, according to several complaints, be broken. Waiting for someone from mozilla herd to give the final go-go.
ouh yeah, /me dumb....
all major issues resolved -bin is in the tree adding archs back we can stablize as I was informed by agriffis. BIN = amd64 x86 SOURCE = ppc amd64 sparc ia64 alpha hppa x86
we are looking for mozilla-launcher 1.39 to be marked stable with this. I will tell you tho 1.41 is ideal as it has fixed the plugins issues.
alpha, amd64, ia64, x86 finished mozilla-launcher-1.41 is also marked stable on all arches, so nobody needs to bother with that.
Stable on ppc
Stable on hppa
sparc stable.
Ready for GLSA.
GLSA 200507-24 Thx everyone.