Comment 1 Sune Kloppenborg Jeppesen (RETIRED) 2005-07-12 22:18:34 UTC

Mozilla please provide updated ebuilds.    
   
MFSA 2005-51 The return of frame-injection spoofing fixes bug #95199   
MFSA 2005-54 Javascript prompt origin spoofing fixes bug #96682   
  
Mozilla Suite is also affected: 
 
 Fixed in Mozilla 1.7.9 
MFSA 2005-56 Code execution through shared function objects 
 MFSA 2005-55 XHTML node spoofing 
 MFSA 2005-54 Javascript prompt origin spoofing 
 MFSA 2005-52 Same origin violation: frame calling top.focus() 
 MFSA 2005-51 The return of frame-injection spoofing 
 MFSA 2005-50 Possibly exploitable crash in InstallVersion.compareTo() 
 MFSA 2005-48 Same-origin violation with InstallTrigger callback 
 MFSA 2005-46 XBL scripts ran even when Javascript disabled 
 MFSA 2005-45 Content-generated event vulnerabilities 
 
And according to one of the advisories some issues apply to Thunderbird as as 
well and is fixed in 1.0.5 (ie MFSA 2005-46) but there it is still not listed 
on the security page. 

Comment 2 Thierry Carrez (RETIRED) 2005-07-13 01:00:59 UTC

We'll keep this one for Mozila suite only.

Comment 3 Thierry Carrez (RETIRED) 2005-07-13 01:09:33 UTC

*** Bug 96682 has been marked as a duplicate of this bug. ***

Comment 4 Thierry Carrez (RETIRED) 2005-07-14 03:41:11 UTC

Mozilla team, please bump both mozilla and mozilla-bin to 1.7.9

Comment 5 Thierry Carrez (RETIRED) 2005-07-14 03:50:44 UTC

Oops. Sorry, apparently it's not out yet. Got confused by their advisories.

Comment 6 Stefan Cornelius (RETIRED) 2005-07-21 13:14:04 UTC

Mozilla Suite 1.7.10 released. Mozilla team, please bump - thx!

I have commited the ebuild. Aron wants to make some changes before we move
forward so we do not have conflict of files. Soon as that is done will be able
to roll out for stable testing I believe. 

aight this is ready for testing if we can move for ~arch testing for would
appreciate. If all goes well we could call for stable tomorrow morning, after
agriffis, az and anyone else in mozilla herd has had a chance to discuss this.

Comment 9 Chris Gianelloni (RETIRED) 2005-07-22 06:04:41 UTC

You need to CC the arches that need to test it...

I'm adding them now

Comment 10 Stephen Becker (RETIRED) 2005-07-22 06:34:02 UTC

mozilla does not work on mips, removing mips from CC

Comment 11 Herbie Hopkins (RETIRED) 2005-07-22 07:01:12 UTC

It seems mozilla-bin-1.7.10 has not been committed yet.

Comment 12 Stefan Cornelius (RETIRED) 2005-07-22 07:23:25 UTC

Removing arches, the -bin ebuild is missing and the other one seems, according
to several complaints, be broken. Waiting for someone from mozilla herd to give
the final go-go.

Comment 13 Stefan Cornelius (RETIRED) 2005-07-22 07:24:35 UTC

ouh yeah, /me dumb....

all major issues resolved -bin is in the tree adding archs back we can stablize
as I was informed by agriffis.

BIN = amd64 x86
SOURCE = ppc amd64 sparc ia64 alpha hppa x86

we are looking for mozilla-launcher 1.39 to be marked stable with this. I will
tell you tho 1.41 is ideal as it has fixed the plugins issues.

Comment 16 Aron Griffis (RETIRED) 2005-07-22 15:16:07 UTC

alpha, amd64, ia64, x86 finished
mozilla-launcher-1.41 is also marked stable on all arches, so nobody needs to
bother with that.

Stable on ppc

Comment 18 René Nussbaumer (RETIRED) 2005-07-23 07:11:28 UTC

Stable on hppa

Comment 19 Gustavo Zacarias (RETIRED) 2005-07-23 11:02:00 UTC

sparc stable.

Comment 20 Stefan Cornelius (RETIRED) 2005-07-23 11:05:30 UTC

Ready for GLSA.

Comment 21 Sune Kloppenborg Jeppesen (RETIRED) 2005-07-26 12:44:38 UTC

GLSA 200507-24  
 
Thx everyone.