| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
MFSA 2006-75 RSS Feed-preview referrer leak
MFSA 2006-73 Mozilla SVG Processing Remote Code Execution
MFSA 2006-72 XSS by setting img.src to javascript: URI
MFSA 2006-71 LiveConnect crash finalizing JS objects
MFSA 2006-70 Privilege escallation using watch point
MFSA 2006-68 Crashes with evidence of memory corruption (rv:1.8.0.9/1.8.1.1)
For more info, see http://www.mozilla.com/en-US/firefox/releases/1.5.0.9.html
|
|
update firefox-bin and firefox2-bin to override MOZ_DIR to point
to the binary Linux distribution; kill their own MASTER_SITES
now firefox-bin and firefox2-bin automaticaly pick up mirror
changes in the master script
|
|
MFSA 2006-67 Running Script can be recompiled
MFSA 2006-66 RSA signature forgery (variant)
MFSA 2006-65 Crashes with evidence of memory corruption (rv:1.8.0.8)
For more info, see http://www.mozilla.com/en-US/firefox/releases/1.5.0.8.html
|
|
|
|
updates will follow later.
Fixed in Firefox 1.5.0.7:
MFSA 2006-64 Crashes with evidence of memory corruption (rv:1.8.0.7)
MFSA 2006-62 Popup-blocker cross-site scripting (XSS)
MFSA 2006-61 Frame spoofing using document.open()
MFSA 2006-60 RSA Signature Forgery
MFSA 2006-59 Concurrency-related vulnerability
MFSA 2006-58 Auto-Update compromise through DNS and SSL spoofing
MFSA 2006-57 JavaScript Regular Expression Heap Corruption
Fixed in SeaMonkey 1.0.5:
MFSA 2006-64 Crashes with evidence of memory corruption (rv:1.8.0.7)
MFSA 2006-63 JavaScript execution in mail via XBL
MFSA 2006-61 Frame spoofing using document.open()
MFSA 2006-60 RSA Signature Forgery
MFSA 2006-59 Concurrency-related vulnerability
MFSA 2006-57 JavaScript Regular Expression Heap Corruption
For more info, see http://www.mozilla.com/firefox/releases/1.5.0.7.html and
http://www.mozilla.org/projects/seamonkey/releases/seamonkey1.0.5/
|
|
- Fixed an issue with playing Windows Media content
|
|
- Improvements to product stability
- Several security fixes:
MFSA 2006-56 chrome: scheme loading remote content
MFSA 2006-55 Crashes with evidence of memory corruption (rv:1.8.0.5)
MFSA 2006-54 XSS with XPCNativeWrapper(window).Function(...)
MFSA 2006-53 UniversalBrowserRead privilege escalation
MFSA 2006-52 PAC privilege escalation using Function.prototype.call
MFSA 2006-51 Privilege escalation using named-functions and redefined
"new Object()"
MFSA 2006-50 JavaScript engine vulnerabilities
MFSA 2006-48 JavaScript new Function race condition
MFSA 2006-47 Native DOM methods can be hijacked across domains
MFSA 2006-46 Memory corruption with simultaneous events
MFSA 2006-45 Javascript navigator Object Vulnerability
MFSA 2006-44 Code execution through deleted frame reference
|
|
|
|
Changes:
Fixes for security issues:
MFSA 2006-43 Privilege escalation using addSelectionListener
MFSA 2006-42 Web site XSS using BOM on UTF-8 pages
MFSA 2006-41 File stealing by changing input type (variant)
MFSA 2006-39 "View Image" local resource linking (Windows)
MFSA 2006-38 Buffer overflow in crypto.signText()
MFSA 2006-37 Remote compromise via content-defined setter on object prototypes
MFSA 2006-36 PLUGINSPAGE privileged JavaScript execution 2
MFSA 2006-35 Privilege escalation through XUL persist
MFSA 2006-34 XSS viewing javascript: frames or images from context menu
MFSA 2006-33 HTTP response smuggling
MFSA 2006-32 Fixes for crashes with potential memory corruption
MFSA 2006-31 EvalInSandbox escape (Proxy Autoconfig, Greasemonkey)
|
|
|
|
XXX why this has special MASTER_SITES setting? it should make use of
XXX list in mozilla-bin/Makefile.common
|
|
- Security fix for denial of service vulnerability reported in
Mozilla Foundation Security Advisory 2006-30
|
|
* Universal Binary support for Mac OS X which provides native support
for Macintosh with Intel Core processors. Firefox supports the
enhancements to performance introduced by the new MacIntel chipsets.
* Improvements to product stability.
* Several security fixes.
|
|
|
|
|
|
* Improved stability.
* Improved support for Mac OS X.
* International Domain Name support for Iceland (.is) is now enabled.
* Fixes for several memory leaks.
* Several security enhancements.
|
|
Changes:
- Automated update to streamline product upgrades. Notification of an
update is more prominent, and updates to Firefox may now be half a
megabyte or smaller. Updating extensions has also improved.
- Faster browser navigation with improvements to back and forward button
performance.
- Drag and drop reordering for browser tabs.
- Improvements to popup blocking.
- Clear Private Data feature provides an easy way to quickly remove
personal data through a menu item or keyboard shortcut.
- Answers.com is added to the search engine list.
- Improvements to product usability including descriptive error pages,
redesigned options menu, RSS discovery, and "Safe Mode" experience.
- Better accessibility including support for DHTML accessibility and
assistive technologies such as the Window-Eyes 5.5 beta screen reader
for Microsoft Windows. Screen readers read aloud all available
information in applications and documents or show the information on
a Braille display, enabling blind and visually impaired users to use
equivalent software functionality as their sighted peers.
- Report a broken Web site wizard to report Web sites that are not
working in Firefox.
- Better support for Mac OS X (10.2 and greater) including profile
migration from Safari and Mac Internet Explorer.
- New support for Web Standards including SVG, CSS 2 and CSS 3, and
JavaScript 1.6.
- Many security enhancements.
Full release notes: http://www.mozilla.com/firefox/releases/1.5.html
XXX: Solaris packages available, need work.
|
|
"pkglint --autofix" change.
|
|
example MAKE_ENV+=FOO=${BAR} is changed to MAKE_ENV+=FOO=${BAR:Q}. Some
other changes are outlined in
http://mail-index.netbsd.org/tech-pkg/2005/12/02/0034.html
|
|
- Fix for a potential buffer overflow vulnerability when loading a
hostname with all soft-hyphens
- Fix to prevent URLs passed from external programs from being parsed
by the shell
- Fix to prevent a crash when loading a Proxy Auto-Config (PAC) script
that uses an "eval" statement
- Fix to restore InstallTrigger.getVersion() for Extension authors
- Other stability and security fixes
|
|
- Restore API compatibility for extensions and web applications that did
not work in Firefox 1.0.5.
|
|
this release fixes the following security issues:
MFSA 2005-56 Code execution through shared function objects
MFSA 2005-55 XHTML node spoofing
MFSA 2005-54 Javascript prompt origin spoofing
MFSA 2005-53 Standalone applications can run arbitrary code through the browser
MFSA 2005-52 Same origin violation: frame calling top.focus()
MFSA 2005-51 The return of frame-injection spoofing
MFSA 2005-50 Possibly exploitable crash in InstallVersion.compareTo()
MFSA 2005-49 Script injection from Firefox sidebar panel using data:
MFSA 2005-48 Same-origin violation with InstallTrigger callback
MFSA 2005-47 Code execution via "Set as Wallpaper"
MFSA 2005-46 XBL scripts ran even when Javascript disabled
MFSA 2005-45 Content-generated event vulnerabilities
|
|
issuses were fixed in this release:
MFSA 2005-44 Privilege escalation via non-DOM property overrides
MFSA 2005-43 "Wrapped" javascript: urls bypass security checks
MFSA 2005-42 Code execution via javascript: IconURL
|
|
package to match.
There are no firefox gtk1 binary packages for linux any longer, so
no need to keep two different -bin packages around.
This way it also matches the non-bin firefox packages.
|
|
|
|
Notes:
* NetBSD-native version not available, this can be used only with
MOZILLA_USE_LINUX
* Linux sets MOZ_GTK2, gtk1-compiled version doesn't appear to be available
* Solaris not tested
|
|
and Linux versions (define MOZILLA_USE_LINUX to use the Linux version).
both tested on NetBSD-current.
|
|
of the box because they need a newer glibc which needs compat_linux
fixes, so just remove it for now instead of pretending it will work.
|
|
Linux tested - there are no NetBSD builds so far and the Linux builds
require glibc-2.3 which isn't in pkgsrc so does not work out of the
box on NetBSD yet.
changes since 0.8 can be found at:
http://www.mozilla.org/products/firefox/releases/0.9.html
|
|
|
|
|
|
|
|
This is (right now) a Linux binary package.
Mozilla Firebird has been renamed to Firefox, and this package will
obsolete MozillaFirebird when Solaris and NetBSD builds become
available.
|
