Age | Commit message (Collapse) | Author | Files | Lines |
|
- Fix for a potential buffer overflow vulnerability when loading a
hostname with all soft-hyphens
- Fix to prevent URLs passed from external programs from being parsed
by the shell
- Fix to prevent a crash when loading a Proxy Auto-Config (PAC) script
that uses an "eval" statement
- Fix to restore InstallTrigger.getVersion() for Extension authors
- Other stability and security fixes
|
|
- Restore API compatibility for extensions and web applications that did
not work in Firefox 1.0.5.
|
|
this release fixes the following security issues:
MFSA 2005-56 Code execution through shared function objects
MFSA 2005-55 XHTML node spoofing
MFSA 2005-54 Javascript prompt origin spoofing
MFSA 2005-53 Standalone applications can run arbitrary code through the browser
MFSA 2005-52 Same origin violation: frame calling top.focus()
MFSA 2005-51 The return of frame-injection spoofing
MFSA 2005-50 Possibly exploitable crash in InstallVersion.compareTo()
MFSA 2005-49 Script injection from Firefox sidebar panel using data:
MFSA 2005-48 Same-origin violation with InstallTrigger callback
MFSA 2005-47 Code execution via "Set as Wallpaper"
MFSA 2005-46 XBL scripts ran even when Javascript disabled
MFSA 2005-45 Content-generated event vulnerabilities
|
|
issuses were fixed in this release:
MFSA 2005-44 Privilege escalation via non-DOM property overrides
MFSA 2005-43 "Wrapped" javascript: urls bypass security checks
MFSA 2005-42 Code execution via javascript: IconURL
|
|
package to match.
There are no firefox gtk1 binary packages for linux any longer, so
no need to keep two different -bin packages around.
This way it also matches the non-bin firefox packages.
|
|
|
|
Notes:
* NetBSD-native version not available, this can be used only with
MOZILLA_USE_LINUX
* Linux sets MOZ_GTK2, gtk1-compiled version doesn't appear to be available
* Solaris not tested
|
|
and Linux versions (define MOZILLA_USE_LINUX to use the Linux version).
both tested on NetBSD-current.
|
|
of the box because they need a newer glibc which needs compat_linux
fixes, so just remove it for now instead of pretending it will work.
|
|
Linux tested - there are no NetBSD builds so far and the Linux builds
require glibc-2.3 which isn't in pkgsrc so does not work out of the
box on NetBSD yet.
changes since 0.8 can be found at:
http://www.mozilla.org/products/firefox/releases/0.9.html
|
|
|
|
|
|
|
|
This is (right now) a Linux binary package.
Mozilla Firebird has been renamed to Firefox, and this package will
obsolete MozillaFirebird when Solaris and NetBSD builds become
available.
|