ALT Linux repositórios
S: | 118.0-alt1 |
5.0: | 3.0.9-alt1.M50.1 |
4.1: | 3.0.9-alt0.M41.1 |
+updates: | 3.0.4-alt0.M41.2 |
4.0: | 2.0.0.18-alt0.M40.1 |
3.0: | 1.0.7-alt3 |
+updates: | 1.0.8-alt0.M30.1 |
Group :: Rede/WWW
RPM: firefox
Main Changelog Spec Patches Sources Download Gear Bugs e FR Repocop
14 novembro 2008 Michael Shigorin <mike at altlinux.org> 2.0.0.18-alt0.M40.1
- New bugfix version 2.0.0.18 built for M40
- Fixed:
+ MFSA 2008-58 Parsing error in E4X default namespace
+ MFSA 2008-57 -moz-binding property bypasses security checks on codebase principals
+ MFSA 2008-56 nsXMLHttpRequest::NotifyEventListeners() same-origin violation
+ MFSA 2008-55 Crash and remote code execution in nsFrameManager
+ MFSA 2008-54 Buffer overflow in http-index-format parser
+ MFSA 2008-53 XSS and JavaScript privilege escalation via session restore
+ MFSA 2008-52 Crashes with evidence of memory corruption (rv:1.9.0.4/1.8.1.18)
+ MFSA 2008-50 Crash and remote code execution via __proto__ tampering
+ MFSA 2008-49 Arbitrary code execution via Flash Player dynamic module unloading
+ MFSA 2008-48 Image stealing via canvas and HTTP redirect
+ MFSA 2008-47 Information stealing via local shortcut files
- New bugfix version 2.0.0.17 built for M40
- Fixed:
+ MFSA 2008-45 XBM image uninitialized memory reading
+ MFSA 2008-44 resource: traversal vulnerabilities
+ MFSA 2008-43 BOM characters stripped from JavaScript before execution
+ MFSA 2008-42 Crashes with evidence of memory corruption (rv:1.9.0.2/1.8.1.17)
+ MFSA 2008-41 Privilege escalation via XPCnativeWrapper pollution
+ MFSA 2008-40 Forced mouse drag
+ MFSA 2008-39 Privilege escalation using feed preview page and XSS flaw
+ MFSA 2008-38 nsXMLDocument::OnChannelRedirect() same-origin violation
+ MFSA 2008-37 UTF-8 URL stack buffer overflow
- New bugfix version 2.0.0.16
- Fixed:
+ MFSA 2008-35 Command-line URLs launch multiple tabs when Firefox not running
+ MFSA 2008-34 Remote code execution by overflowing CSS reference counter
- New bugfix version 2.0.0.15
- Fixed:
+ MFSA 2008-33 Crash and remote code execution in block reflow
+ MFSA 2008-32 Remote site run as local file via Windows URL shortcut
+ MFSA 2008-31 Peer-trusted certs can use alt names to spoof
+ MFSA 2008-30 File location URL in directory listings not escaped properly
+ MFSA 2008-29 Faulty .properties file results in uninitialized memory being used
+ MFSA 2008-28 Arbitrary socket connections with Java LiveConnect on Mac OS X
+ MFSA 2008-27 Arbitrary file upload via originalTarget and DOM Range
+ MFSA 2008-25 Arbitrary code execution in mozIJSSubScriptLoader.loadSubScript()
+ MFSA 2008-24 Chrome script loading from fastload file
+ MFSA 2008-23 Signed JAR tampering
+ MFSA 2008-22 XSS through JavaScript same-origin violation
+ MFSA 2008-21 Crashes with evidence of memory corruption (rv:1.8.1.15)
- built for M40
- New bugfix version 2.0.0.14
- Fixed:
+ MFSA 2008-20 Crash in JavaScript garbage collector
- built for M40
- New bugfix version 2.0.0.13
- Fixed:
+ MFSA 2008-19 XUL popup spoofing variant (cross-tab popups)
+ MFSA 2008-18 Java socket connection to any local port via LiveConnect
+ MFSA 2008-17 Privacy issue with SSL Client Authentication
+ MFSA 2008-16 HTTP Referrer spoofing with malformed URLs
+ MFSA 2008-15 Crashes with evidence of memory corruption (rv:1.8.1.13)
+ MFSA 2008-14 JavaScript privilege escalation and arbitrary code execution
- New bugfix version 2.0.0.12
- Fixed:
+ MFSA 2008-11 Web forgery overwrite with div overlay
+ MFSA 2008-10 URL token stealing via stylesheet redirect
+ MFSA 2008-09 Mishandling of locally-saved plain text files
+ MFSA 2008-08 File action dialog tampering
+ MFSA 2008-07 Possible information disclosure in BMP decoder
+ MFSA 2008-06 Web browsing history and forward navigation stealing
+ MFSA 2008-05 Directory traversal via chrome: URI
+ MFSA 2008-04 Stored password corruption
+ MFSA 2008-03 Privilege escalation, XSS, Remote Code Execution
+ MFSA 2008-02 Multiple file input focus stealing vulnerabilities
+ MFSA 2008-01 Crashes with evidence of memory corruption (rv:1.8.1.12)
- New bugfix version 2.0.0.11
- Add SDK libs.
- Firefox 2.0.0.11 fixed a bug introduced by the 2.0.0.10 update
in the <canvas> feature that affected some web pages and extensions. - Fixed:
+ MFSA 2007-39 Referer-spoofing via window.location race condition
+ MFSA 2007-38 Memory corruption vulnerabilities (rv:1.8.1.10)
+ MFSA 2007-37 jar: URI scheme XSS hazard
- New bugfix version 2.0.0.9
-Fixed:
+ Bug 400406 - Firefox will ignore the 'clear' CSS property when
used beneath a box that is using the 'float' property.
+ Bug 396695 - Add-ons are disabled after updating.
+ Bug 400421 - Removing a single area element from an image map
will cause the entire map to disappear.
- New bugfix version 2.0.0.8
-Fixed:
+ MFSA 2007-36 URIs with invalid mishandled by Windows
+ MFSA 2007-35 XPCNativeWrapper pollution using Script object
+ MFSA 2007-34 Possible file stealing through sftp protocol
+ MFSA 2007-33 XUL pages can hide the window titlebar
+ MFSA 2007-32 File input focus stealing vulnerability
+ MFSA 2007-31 Browser digest authentication request splitting
+ MFSA 2007-30 onUnload Tailgating
+ MFSA 2007-29 Crashes with evidence of memory corruption (rv:1.8.1.8)
- New bugfix version 2.0.0.7
-Fixed:
+ MFSA 2007-28 Code execution via QuickTime Media-link files
- New bugfix version 2.0.0.6
- Fixed:
+ MFSA 2007-27 Unescaped URIs passed to external programs
+ MFSA 2007-26 Privilege escalation through chrome-loaded about:blank windows
- Fix desktop file.
- Add search plugins: wikipedia (en, ru).
- Update search plugins: yandex.
- New bugfix version 2.0.0.5
- Fixed:
+ MFSA 2007-25 XPCNativeWrapper pollution
+ MFSA 2007-24 Unauthorized access to wyciwyg:// documents
+ MFSA 2007-23 Remote code execution by launching Firefox from Internet Explorer
+ MFSA 2007-22 File type confusion due to %00 in name
+ MFSA 2007-21 Privilege escallation using an event handler attached to an element not in the document
+ MFSA 2007-20 Frame spoofing while window is loading
+ MFSA 2007-19 XSS using addEventListener and setTimeout
+ MFSA 2007-18 Crashes with evidence of memory corruption
- New bugfix version 2.0.0.4
- Add alternatives.
- Add intl.locale.matchOS by default (patch41: 01_locale.dpatch).
- Fix normal icons (bug#11756).
- Fix desktop file (bug#10558)
- Fix extension compatibility check.
- Fixed:
+ MFSA 2007-17 XUL Popup Spoofing
+ MFSA 2007-16 XSS using addEventListener
+ MFSA 2007-14 Path Abuse in Cookies
+ MFSA 2007-13 Persistent Autocomplete Denial of Service
+ MFSA 2007-12 Crashes with evidence of memory corruption (rv:1.8.0.12/1.8.1.4)
+ MFSA 2007-11 FTP PASV port-scanning
- New bugfix version 2.0.0.2
- Remove version from requires in *.pc.
- Fixed:
+ MFSA 2007-07 Embedded nulls in location.hostname confuse same-domain checks
+ MFSA 2007-06 Mozilla Network Security Services (NSS) SSLv2 buffer overflow
+ MFSA 2007-05 XSS and local file access by opening blocked popups
+ MFSA 2007-04 Spoofing using custom cursor and CSS3 hotspot
+ MFSA 2007-03 Information disclosure through cache collisions
+ MFSA 2007-02 Improvements to help protect against Cross-Site Scripting attacks
+ MFSA 2007-01 Crashes with evidence of memory corruption (rv:1.8.0.10/1.8.1.2)
- New minor version 2.0.0.1
- Fixed:
+ MFSA 2006-76 XSS using outer window's Function object
+ MFSA 2006-75 RSS Feed-preview referrer leak
+ MFSA 2006-73 Mozilla SVG Processing Remote Code Execution
+ MFSA 2006-72 XSS by setting img.src to javascript: URI
+ MFSA 2006-71 LiveConnect crash finalizing JS objects
+ MFSA 2006-70 Privilege escalation using watch point
+ MFSA 2006-69 CSS cursor image buffer overflow (Windows only)
+ MFSA 2006-68 Crashes with evidence of memory corruption (rv:1.8.0.9/1.8.1.1)
- Add %pre script.
- Remove version specific paths.
- New major version 2.0 .
- Don't build libxul.
- Add support for printing via Pango.
- Change printer paper size at A4.
- Check compatibility disabled.
- Patch disabling OS_TEST autoguessing for %ix86 builds on x86_64 host.
- New version 1.5.0.7 .
- Fixed:
+ MFSA 2006-64 Crashes with evidence of memory corruption (rv:1.8.0.7)
+ MFSA 2006-62 Popup-blocker cross-site scripting (XSS)
+ MFSA 2006-61 Frame spoofing using document.open()
+ MFSA 2006-60 RSA Signature Forgery
+ MFSA 2006-59 Concurrency-related vulnerability
+ MFSA 2006-58 Auto-Update compromise through DNS and SSL spoofing
+ MFSA 2006-57 JavaScript Regular Expression Heap Corruption
- Add libgtkembedmoz.so, firefox-gtkembedmoz.pc .
- Update BuildRequires.
- bugfix build.
- Patch to enable intl.locale.matchOS was removed.
- Added default download directory.
- bugfix build.
- Added patch to handle #9863 (history #4352).
- New version 1.5.0.6 .
- Fixed:
+ Fixed an issue with playing Windows Media content
+ MFSA 2006-56 chrome: scheme loading remote content
+ MFSA 2006-55 Crashes with evidence of memory corruption (rv:1.8.0.5)
+ MFSA 2006-54 XSS with XPCNativeWrapper(window).Function(...)
+ MFSA 2006-53 UniversalBrowserRead privilege escalation
+ MFSA 2006-52 PAC privilege escalation using Function.prototype.call
+ MFSA 2006-51 Privilege escalation using named-functions and redefined "new Object()"
+ MFSA 2006-50 JavaScript engine vulnerabilities
+ MFSA 2006-48 JavaScript new Function race condition
+ MFSA 2006-47 Native DOM methods can be hijacked across domains
+ MFSA 2006-46 Memory corruption with simultaneous events
+ MFSA 2006-45 Javascript navigator Object Vulnerability
+ MFSA 2006-44 Code execution through deleted frame reference
- New version.
- Fixed:
+ MFSA 2006-43 Privilege escalation using addSelectionListener
+ MFSA 2006-42 Web site XSS using BOM on UTF-8 pages
+ MFSA 2006-41 File stealing by changing input type (variant)
+ MFSA 2006-39 "View Image" local resource linking (Windows)
+ MFSA 2006-38 Buffer overflow in crypto.signText()
+ MFSA 2006-37 Remote compromise via content-defined setter on object prototypes
+ MFSA 2006-36 PLUGINSPAGE privileged JavaScript execution 2
+ MFSA 2006-35 Privilege escalation through XUL persist
+ MFSA 2006-34 XSS viewing javascript: frames or images from context menu
+ MFSA 2006-33 HTTP response smuggling
+ MFSA 2006-32 Fixes for crashes with potential memory corruption
+ MFSA 2006-31 EvalInSandbox escape (Proxy Autoconfig, Greasemonkey)
- New version.
- Build libxul library.
- Fixed:
+ MFSA 2006-30 Deleted object reference when designMode="on".
- bugfix build.
- include fix
- plugins directory fix;
- New version 1.5.0.1
- Buildrequires updated for xorg-7.0
- run-firefox script bugfix:
* usage update
* plugins search path (x86_64)
* unparseable commands handling - bugfix: #7334, #7682, #8757, #8784, #9017
- New version 1.5 .
- Spec cleanup.
- Build with external rpm-build-firefox .
- Build with system NSS and NSPR.
- Unused libraries removed.
- Rpm mascros bugfix.
* fix for new rpm.
* change extension installation sheme (again). - Default preference tunning.
- Startup script rewritten. Now it is single script.
* command line shortcut added: altfaq:NUM . - SVG support enabled.
- directory /usr/share/firefox-@version@/extensions was added to extensions search path .
* this location is controled by the option extensions.dir.extensions . - Bug: #7682, #7801, #7856, #7949 fixed.
- major bugfix.
- build with official branding.
- x86_64 compatibility addon (patch20, patch21).
- release version.
- firsttime script added.
- SVG support disabled.
- Patch #2 bugfix (bug: #7682)
- fix -nox patch.
- add gssapi detection and build fixes from mhz@.
- new version from aviary branch fixing various bugs:
+ MFSA2005-54
+ Restore API compatibility for extensions and web applications
that did not work in Firefox 1.0.5.
- new version from aviary branch;
- new version from aviary branch fixing various security bugs;
- fix: #4846, #5101, #7126 (legion).
- if_{with,without} debug - added (legion).
- keyword 'altbug:' added, patch2 updated (legion).
- postin/postun-scripts scripts bugfixes (legion).
- triggers added for trash cleanup (legion).
- new version from aviary branch;
- fix #6595;
- add switches for svg/xprint easy builds.
- update alt-prefs-tuning.patch (disable annoying default browser dialog).
- new version;
- SA15601 security fix;
- BuildRequires cleanup (remove xorg-x11-libs-static).
- new version;
- requires fix;
- new version;
- RPATH fix;
- NoX patch was rewritten;
- rpm macros was updated;
- new version;
- patch9 was added (mozilla Bug #123315);
- patch10, patch11 was added (#6151);
- plugins path bugfix;
- svg support added;
- x86_64 compatibility added (thx mouse@);
- update patch firefox-1.0-20050201-alt-nox.patch
* uninstall-global-theme command-line option was added;
* update-register command-line option was added; - firefox-1.0-alt-rpm-scripts.tar.bz2 bugfix;
- disable svg support becouse svg layout lead to segfault
when mozilla compile with gcc3.4 . - search plugins was moved into the standalone rpm package.
- Rebuilt with libstdc++.so.6.
- new version;
- browser-plugins-npapi support added;
- new icons default icons(thx shrek@);
- option uninstall-global-extension was fixed;
- extension sheme changes;
- postin/preun scripts chenges;
- new default extensions added;
- protocol 'mailto' external handler added;
- firefox.macro changed;
- postun script changed;
- icons changed;
- New version 1.0PR;
- New extension scheme;
- Add:
* New option 'run-without-x' added (mouse, legion);
* SVG support added;
* Certificate (ALT Linux CA Root) added;
* ALT Linux BTS search plugin added;
* RPATH added to all binary files; - bug #4284 fixed;
- Move back some changes at alt3 build.
- Bug #4157 fixed.
- viewsource protocol was added.
- Minimize buildin extensions;
- Disable debug output;
- Disable some options:
+ disable JavaScript debug library;
+ disable LDAP support;
+ disable logging facilities; - Necko protocols cleanup;
- Splash screen added (thx sadist@);
- Search plugins added;
- Remove devel package Conflicts;
- Change rebuild-database.sh script. Script must be run only as root;
- Change locale hack.
- Mozilla Firebird becomes Mozilla Firefox. Mozilla's next
generation browser has changed names (again); - New version;
- Spec changes.
- run-mozilla.sh script patch.
- first build for ALT Linux.
- rpm macro created.
- new scheme loading extensions added (thx force@)