Репозиторий Sisyphus
Последнее обновление: 14 декабря 2019 | Пакетов: 17489 | Посещений: 16091747
en ru br
Репозитории ALT
S:60.8.0-alt1
5.1: 3.1.7-alt0.20110123.M50P.1
4.1: 2.0.0.21-alt0.M41.1
4.0: 2.0.0.21-alt0.M40.1
3.0: 1.0.6-alt2.1
+updates:1.0.8-alt0.M30.1
www.altlinux.org/Changes

Группа :: Сети/Почта
Пакет: thunderbird

 Главная   Изменения   Спек   Патчи   Sources   Загрузить   Gear   Bugs and FR  Repocop 

10 июля 2019 Andrey Cherepanov <cas at altlinux.org> 60.8.0-alt1

  • New version (60.8.0).
  • Fixed:
     + CVE-2019-9811 Sandbox escape via installation of malicious language pack
     + CVE-2019-11711 Script injection within domain through inner window reuse
     + CVE-2019-11712 Cross-origin POST requests can be made with NPAPI plugins by following 308 redirects
     + CVE-2019-11713 Use-after-free with HTTP/2 cached stream
     + CVE-2019-11729 Empty or malformed p256-ECDH public keys may trigger a segmentation fault
     + CVE-2019-11715 HTML parsing error can contribute to content XSS
     + CVE-2019-11717 Caret character improperly escaped in origins
     + CVE-2019-11719 Out-of-bounds read when importing curve25519 private key
     + CVE-2019-11730 Same-origin policy treats all files in a directory as having the same-origin
     + CVE-2019-11709 Memory safety bugs fixed in Firefox 68, Firefox ESR 60.8, and Thunderbird 60.8
  • Enigmail 2.0.12.

3 июля 2019 Gleb F-Malinovskiy <glebfm at altlinux.org> 60.7.2-alt2

  • Added ppc64le support.

22 июня 2019 Andrey Cherepanov <cas at altlinux.org> 60.7.2-alt1

  • New version (60.7.2).
  • Fixed:
     + CVE-2019-11707 Type confusion in Array.pop
     + CVE-2019-11708 sandbox escape using Prompt:Open

18 июня 2019 Andrey Cherepanov <cas at altlinux.org> 60.7.1-alt2

  • enigmail: disable pEpAutoDownload.

14 июня 2019 Andrey Cherepanov <cas at altlinux.org> 60.7.1-alt1

  • New version (60.7.1).
  • Fixed:
     + CVE-2019-11703 Heap buffer overflow in icalparser.c
     + CVE-2019-11704 Heap buffer overflow in icalvalue.c
     + CVE-2019-11705 Stack buffer overflow in icalrecur.c
     + CVE-2019-11706 Type confusion in icalproperty.c
  • Enigmail 2.0.11.
  • thunderbird-enigmail now requires pinentry-x11 (ALT #18790).
  • Use juniorModeForceOff by default in Enigmail (ALT #36447).
  • Fix l10n dtd of Enigmail.

20 мая 2019 Andrey Cherepanov <cas at altlinux.org> 60.7.0-alt1

  • New version (60.7.0).
  • Fixed:
     + CVE-2019-9815 Disable hyperthreading on content JavaScript threads on macOS
     + CVE-2019-9816 Type confusion with object groups and UnboxedObjects
     + CVE-2019-9817 Stealing of cross-domain images using canvas
     + CVE-2019-9818 Use-after-free in crash generation server
     + CVE-2019-9819 Compartment mismatch with fetch API
     + CVE-2019-9820 Use-after-free of ChromeEventHandler by DocShell
     + CVE-2019-11691 Use-after-free in XMLHttpRequest
     + CVE-2019-11692 Use-after-free removing listeners in the event listener manager
     + CVE-2019-11693 Buffer overflow in WebGL bufferdata on Linux
     + CVE-2019-7317 Use-after-free in png_image_free of libpng library
     + CVE-2019-9797 Cross-origin theft of images with createImageBitmap
     + CVE-2018-18511 Cross-origin theft of images with ImageBitmapRenderingContext
     + CVE-2019-11694 Uninitialized memory memory leakage in Windows sandbox
     + CVE-2019-11698 Theft of user history data through drag and drop of hyperlinks to and from bookmarks
     + CVE-2019-5798 Out-of-bounds read in Skia
     + CVE-2019-9800 Memory safety bugs fixed in Firefox 67, Firefox ESR 60.7, and Thunderbird 60.7

22 апреля 2019 Andrey Cherepanov <cas at altlinux.org> 60.6.1-alt2

  • Fix global serch indexing by link with bundled sqlite3 (ALT #35761).

26 марта 2019 Andrey Cherepanov <cas at altlinux.org> 60.6.1-alt1

  • New version (60.6.1).
  • Fixes:
     + CVE-2019-9810 IonMonkey MArraySlice has incorrect alias information
     + CVE-2019-9813 Ionmonkey type confusion with __proto__ mutations

21 марта 2019 Andrey Cherepanov <cas at altlinux.org> 60.6.0-alt1

  • New version (60.6.0).
  • Fixes:
     + CVE-2019-9790 Use-after-free when removing in-use DOM elements
     + CVE-2019-9791 Type inference is incorrect for constructors entered through on-stack replacement with IonMonkey
     + CVE-2019-9792 IonMonkey leaks JS_OPTIMIZED_OUT magic value to script
     + CVE-2019-9793 Improper bounds checks when Spectre mitigations are disabled
     + CVE-2019-9794 Command line arguments not discarded during execution
     + CVE-2019-9795 Type-confusion in IonMonkey JIT compiler
     + CVE-2019-9796 Use-after-free with SMIL animation controller
     + CVE-2019-9801 Windows programs that are not 'URL Handlers' are exposed to web content
     + CVE-2018-18506 Proxy Auto-Configuration file can define localhost access to be proxied
     + CVE-2019-9788 Memory safety bugs fixed in Firefox 66, Firefox ESR 60.6, and Thunderbird 60.6
  • Build with Clang.

27 февраля 2019 Andrey Cherepanov <cas at altlinux.org> 60.5.2-alt1

  • New version (60.5.2).

15 февраля 2019 Andrey Cherepanov <cas at altlinux.org> 60.5.1-alt1

  • New version (60.5.1).
  • Fixes:
     + CVE-2018-18356 Use-after-free in Skia
     + CVE-2019-5785 Integer overflow in Skia
     + CVE-2018-18335 Buffer overflow in Skia with accelerated Canvas 2D
     + CVE-2018-18509 S/MIME signature spoofing

1 февраля 2019 Andrey Cherepanov <cas at altlinux.org> 60.5.0-alt1

  • New version (60.5.0).
  • Fixes:
     + CVE-2018-18500 Use-after-free parsing HTML5 stream
     + CVE-2018-18505 Privilege escalation through IPC channel messages
     + CVE-2016-5824 DoS (use-after-free) via a crafted ics file
     + CVE-2018-18501 Memory safety bugs fixed in Firefox 65, Firefox ESR 60.5, and Thunderbird 60.5

29 января 2019 Paul Wolneykien <manowar at altlinux.org> 60.4.0-alt3

  • Added Enigmail GOST patch.

10 января 2019 Andrey Cherepanov <cas at altlinux.org> 60.4.0-alt2

  • Rebuild with llvm7.0.

24 декабря 2018 Andrey Cherepanov <cas at altlinux.org> 60.4.0-alt1

  • New version (60.4.0).
  • Enigmail 2.0.9.
  • Fixes:
     + CVE-2018-17466 Buffer overflow and out-of-bounds read in ANGLE library with TextureStorage11
     + CVE-2018-18492 Use-after-free with select element
     + CVE-2018-18493 Buffer overflow in accelerated 2D canvas with Skia
     + CVE-2018-18494 Same-origin policy violation using location attribute and performance.getEntries to steal cross-origin URLs
     + CVE-2018-18498 Integer overflow when calculating buffer sizes for images
     + CVE-2018-12405 Memory safety bugs fixed in Firefox 64, Firefox ESR 60.4, and Thunderbird 60.4

9 декабря 2018 Andrey Cherepanov <cas at altlinux.org> 60.3.3-alt1

  • New version (60.3.3).

30 ноября 2018 Andrey Cherepanov <cas at altlinux.org> 60.3.2-alt1

  • New version (60.3.2).

22 ноября 2018 Andrey Cherepanov <cas at altlinux.org> 60.3.1-alt1

  • New version (60.3.1).

2 ноября 2018 Andrey Cherepanov <cas at altlinux.org> 60.3.0-alt1

  • New version (60.3.0).
  • Fixes:
     + CVE-2018-12391 HTTP Live Stream audio data is accessible cross-origin
     + CVE-2018-12392 Crash with nested event loops
     + CVE-2018-12393 Integer overflow during Unicode conversion while loading JavaScript
     + CVE-2018-12389 Memory safety bugs fixed in Firefox ESR 60.3 and Thunderbird 60.3
     + CVE-2018-12390 Memory safety bugs fixed in Firefox 63, Firefox ESR 60.3, and Thunderbird 60.3

15 октября 2018 Andrey Cherepanov <cas at altlinux.org> 60.2.1-alt1

  • New version (60.2.1).
  • Fixes:
     + CVE-2018-12377 Use-after-free in refresh driver timers
     + CVE-2018-12378 Use-after-free in IndexedDB
     + CVE-2018-12379 Out-of-bounds write with malicious MAR file
     + CVE-2017-16541 Proxy bypass using automount and autofs
     + CVE-2018-12376 Memory safety bugs fixed in Firefox 62 and Firefox ESR 60.2
     + CVE-2018-12385 Crash in TransportSecurityInfo due to cached data
     + CVE-2018-12383 Setting a master password post-Firefox 58 does not delete unencrypted previously stored passwords

13 августа 2018 Andrey Cherepanov <cas at altlinux.org> 60.0-alt1

  • New version (60.0).
  • Enigmail 2.0.8.
  • Fixes:
     + CVE-2018-12359 Buffer overflow using computed size of canvas element
     + CVE-2018-12360 Use-after-free when using focus()
     + CVE-2018-12361 Integer overflow in SwizzleData
     + CVE-2018-12362 Integer overflow in SSSE3 scaler
     + CVE-2018-5156 Media recorder segmentation fault when track type is changed during capture
     + CVE-2018-12363 Use-after-free when appending DOM nodes
     + CVE-2018-12364 CSRF attacks through 307 redirects and NPAPI plugins
     + CVE-2018-12365 Compromised IPC child process can list local filenames
     + CVE-2018-12371 Integer overflow in Skia library during edge builder allocation
     + CVE-2018-12366 Invalid data handling during QCMS transformations
     + CVE-2018-12367 Timing attack mitigation of PerformanceNavigationTiming
     + CVE-2018-12368 No warning when opening executable SettingContent-ms files
     + CVE-2018-5187 Memory safety bugs fixed in Firefox 61, Firefox ESR 60.1, and Thunderbird 60
     + CVE-2018-5188 Memory safety bugs fixed in Firefox 61, Firefox ESR 60.1, Firefox ESR 52.9, and Thunderbird 60

11 июля 2018 Andrey Cherepanov <cas at altlinux.org> 52.9.1-alt1

  • New version (52.9.1).
  • Complete fix of the EFAIL vulnerability.

4 июля 2018 Andrey Cherepanov <cas at altlinux.org> 52.9.0-alt1

  • New version (52.9.0).
  • Enigmail 2.0.7.
  • Fixes:
     + CVE-2018-12359 Buffer overflow using computed size of canvas element
     + CVE-2018-12360 Use-after-free when using focus()
     + CVE-2018-12372 S/MIME and PGP decryption oracles can be built with HTML emails
     + CVE-2018-12373 S/MIME plaintext can be leaked through HTML reply/forward
     + CVE-2018-12362 Integer overflow in SSSE3 scaler
     + CVE-2018-12363 Use-after-free when appending DOM nodes
     + CVE-2018-12364 CSRF attacks through 307 redirects and NPAPI plugins
     + CVE-2018-12365 Compromised IPC child process can list local filenames
     + CVE-2018-12366 Invalid data handling during QCMS transformations
     + CVE-2018-12368 No warning when opening executable SettingContent-ms files
     + CVE-2018-12374 Using form to exfiltrate encrypted mail part by pressing enter in form field
     + CVE-2018-5188 Memory safety bugs fixed in Firefox 60, Firefox ESR 60.1, Firefox ESR 52.9, and Thunderbird 52.9

19 мая 2018 Andrey Cherepanov <cas at altlinux.org> 52.8.0-alt1

  • New version (52.8.0).
  • Enigmail 2.0.4.
  • Fixes:
     + CVE-2018-5183 Backport critical security fixes in Skia
     + CVE-2018-5184 Full plaintext recovery in S/MIME via chosen-ciphertext attack
     + CVE-2018-5154 Use-after-free with SVG animations and clip paths
     + CVE-2018-5155 Use-after-free with SVG animations and text paths
     + CVE-2018-5159 Integer overflow and out-of-bounds write in Skia
     + CVE-2018-5161 Hang via malformed headers
     + CVE-2018-5162 Encrypted mail leaks plaintext through src attribute
     + CVE-2018-5170 Filename spoofing for external attachments
     + CVE-2018-5168 Lightweight themes can be installed without user interaction
     + CVE-2018-5178 Buffer overflow during UTF-8 to Unicode string conversion through legacy extension
     + CVE-2018-5185 Leaking plaintext through HTML forms
     + CVE-2018-5150 Memory safety bugs fixed in Firefox 60, Firefox ESR 52.8, and Thunderbird 52.8
  • Build in several threads.

24 марта 2018 Andrey Cherepanov <cas at altlinux.org> 52.7.0-alt1

  • New version (52.7.0)
  • Fixes:
     + CVE-2018-5127 Buffer overflow manipulating SVG animatedPathSegList
     + CVE-2018-5129 Out-of-bounds write with malformed IPC messages
     + CVE-2018-5144 Integer overflow during Unicode conversion
     + CVE-2018-5146 Out of bounds memory write in libvorbis
     + CVE-2018-5125 Memory safety bugs fixed in Firefox 59, Firefox ESR 52.7, and Thunderbird 52.7
     + CVE-2018-5145 Memory safety bugs fixed in Firefox ESR 52.7 and Thunderbird 52.7

29 января 2018 Andrey Cherepanov <cas at altlinux.org> 52.6.0-alt1

  • New version (52.6.0)
  • Fixes:
     + CVE-2018-5095 Integer overflow in Skia library during edge builder allocation
     + CVE-2018-5096 Use-after-free while editing form elements
     + CVE-2018-5097 Use-after-free when source document is manipulated during XSLT
     + CVE-2018-5098 Use-after-free while manipulating form input elements
     + CVE-2018-5099 Use-after-free with widget listener
     + CVE-2018-5102 Use-after-free in HTML media elements
     + CVE-2018-5103 Use-after-free during mouse event handling
     + CVE-2018-5104 Use-after-free during font face manipulation
     + CVE-2018-5117 URL spoofing with right-to-left text aligned left-to-right
     + CVE-2018-5089 Memory safety bugs fixed in Firefox 58, Firefox ESR 52.6, and Thunderbird 52.6

25 декабря 2017 Andrey Cherepanov <cas at altlinux.org> 52.5.2-alt1

  • New version (52.5.2)
  • Enigmail 1.9.9
  • Fixes:
     + CVE-2017-7846 JavaScript Execution via RSS in mailbox:// origin
     + CVE-2017-7847 Local path string can be leaked from RSS feed
     + CVE-2017-7848 RSS Feed vulnerable to new line Injection
     + CVE-2017-7829 Mailsploit part 1: From address with encoded null character is cut off in message header display

24 ноября 2017 Andrey Cherepanov <cas at altlinux.org> 52.5.0-alt1

  • New version (52.5.0)
  • Fixes:
     + CVE-2017-7828 Use-after-free of PressShell while restyling layout
     + CVE-2017-7830 Cross-origin URL information leak through Resource
     + CVE-2017-7826 Memory safety bugs fixed in Firefox 57, Firefox ESR 52.5, and Thunderbird 52.5

7 октября 2017 Andrey Cherepanov <cas at altlinux.org> 52.4.0-alt1

  • New version (52.4.0)
  • Enigmail 1.9.8.3
  • Fixes:
     + CVE-2017-7793 Use-after-free with Fetch API
     + CVE-2017-7818 Use-after-free during ARIA array manipulation
     + CVE-2017-7819 Use-after-free while resizing images in design mode
     + CVE-2017-7824 Buffer overflow when drawing and validating elements with ANGLE
     + CVE-2017-7805 Use-after-free in TLS 1.2 generating handshake hashes
     + CVE-2017-7814 Blob and data URLs bypass phishing and malware protection warnings
     + CVE-2017-7825 OS X fonts render some Tibetan and Arabic unicode characters as spaces
     + CVE-2017-7823 CSP sandbox directive did not create a unique origin
     + CVE-2017-7810 Memory safety bugs fixed in Firefox 56, Firefox ESR 52.4, and Thunderbird 52.4

20 августа 2017 Andrey Cherepanov <cas at altlinux.org> 52.3.0-alt1

  • New version (52.3.0)
  • Enigmail 1.9.8.1

26 июня 2017 Andrey Cherepanov <cas at altlinux.org> 52.2.1-alt1

  • New version (52.2.1)

22 июня 2017 Andrey Cherepanov <cas at altlinux.org> 52.2.0-alt1

  • New version (52.2.0)
  • Security fixes:
     + CVE-2017-5472: Use-after-free using destroyed node when regenerating trees
     + CVE-2017-7749: Use-after-free during docshell reloading
     + CVE-2017-7750: Use-after-free with track elements
     + CVE-2017-7751: Use-after-free with content viewer listeners
     + CVE-2017-7752: Use-after-free with IME input
     + CVE-2017-7754: Out-of-bounds read in WebGL with ImageInfo object
     + CVE-2017-7756: Use-after-free and use-after-scope logging XHR header errors
     + CVE-2017-7757: Use-after-free in IndexedDB
     + CVE-2017-7778: Vulnerabilities in the Graphite 2 library
     + CVE-2017-7758: Out-of-bounds read in Opus encoder
     + CVE-2017-7763: Mac fonts render some unicode characters as spaces
     + CVE-2017-7764: Domain spoofing with combination of Canadian Syllabics and other unicode blocks
     + CVE-2017-7765: Mark of the Web bypass when saving executable files
     + CVE-2017-5470: Memory safety bugs fixed in Firefox 54 and Firefox ESR 52.2, and Thunderbird 52.2

16 мая 2017 Andrey Cherepanov <cas at altlinux.org> 52.1.1-alt1

  • New version (52.1.1)
  • New Enigmail 1.9.7

2 мая 2017 Andrey Cherepanov <cas at altlinux.org> 52.1.0-alt1

  • New version (52.0.1)
  • Security fixes:
     + CVE-2017-5429: Memory safety bugs fixed in Firefox 53, Firefox ESR
     + CVE-2017-5430: Memory safety bugs fixed in Firefox 53, Firefox ESR
     + CVE-2017-5432: Use-after-free in text input selection
     + CVE-2017-5433: Use-after-free in SMIL animation functions
     + CVE-2017-5434: Use-after-free during focus handling
     + CVE-2017-5435: Use-after-free during transaction processing in the
     + CVE-2017-5436: Out-of-bounds write with malicious font in Graphite 2
     + CVE-2017-5438: Use-after-free in nsAutoPtr during XSLT processing
     + CVE-2017-5439: Use-after-free in nsTArray Length() during XSLT
     + CVE-2017-5440: Use-after-free in txExecutionState destructor during
     + CVE-2017-5441: Use-after-free with selection during scroll events
     + CVE-2017-5442: Use-after-free during style changes
     + CVE-2017-5443: Out-of-bounds write during BinHex decoding
     + CVE-2017-5444: Buffer overflow while parsing
     + CVE-2017-5445: Uninitialized values used while parsing
     + CVE-2017-5446: Out-of-bounds read when HTTP/2 DATA frames are sent
     + CVE-2017-5447: Out-of-bounds read during glyph processing
     + CVE-2017-5449: Crash during bidirectional unicode manipulation with
     + CVE-2017-5451: Addressbar spoofing with onblur event
     + CVE-2017-5454: Sandbox escape allowing file system read access through
     + CVE-2017-5459: Buffer overflow in WebGL
     + CVE-2017-5460: Use-after-free in frame selection
     + CVE-2017-5461: Out-of-bounds write in Base64 encoding in NSS
     + CVE-2017-5462: DRBG flaw in NSS
     + CVE-2017-5464: Memory corruption with accessibility and DOM
     + CVE-2017-5465: Out-of-bounds read in ConvolvePixel
     + CVE-2017-5466: Origin confusion when reloading isolated data:text/html
     + CVE-2017-5467: Memory corruption when drawing Skia content
     + CVE-2017-5469: Potential Buffer overflow in flex-generated code
     + CVE-2016-10196: Vulnerabilities in Libevent library

17 апреля 2017 Andrey Cherepanov <cas at altlinux.org> 52.0.1-alt1

  • New version (52.0.1)

5 апреля 2017 Andrey Cherepanov <cas at altlinux.org> 52.0-alt1

  • New version (52.0)

7 марта 2017 Andrey Cherepanov <cas at altlinux.org> 45.8.0-alt1

  • New versoin (45.8.0)

3 марта 2017 Andrey Cherepanov <cas at altlinux.org> 45.7.1-alt1

  • New version (45.7.1)
  • Add windows-1251 to sendDefaultCharsetList
  • Fix subdirectory name from mozilla to thunderbird-<version>

2 февраля 2017 Anton Farygin <rider at altlinux.ru> 45.7.0-alt3

  • prevent thunderbird segfault due overoptimisation of new gcc6 (closes: #33048)

27 января 2017 Vladimir Didenko <cow at altlinux.org> 45.7.0-alt2

  • Disable null pointer gcc6 optimization (closes: #33048)

26 января 2017 Andrey Cherepanov <cas at altlinux.org> 45.7.0-alt1

  • New version (45.7.0)

21 января 2017 Andrey Cherepanov <cas at altlinux.org> 45.6.0-alt2

  • Fix build with GCC 6.1

29 декабря 2016 Andrey Cherepanov <cas at altlinux.org> 45.6.0-alt1

  • New version (45.6.0)

1 декабря 2016 Andrey Cherepanov <cas at altlinux.org> 45.5.1-alt1

  • New version (45.5.1)
  • Security fixes:
     + MFSA 2016-92 Firefox SVG Animation Remote Code Execution

21 ноября 2016 Andrey Cherepanov <cas at altlinux.org> 45.5.0-alt1

  • New version (45.5.0)
  • Enigmail 1.9.6.1

1 октября 2016 Andrey Cherepanov <cas at altlinux.org> 45.4.0-alt1

  • New version (45.4.0)

5 сентября 2016 Andrey Cherepanov <cas at altlinux.org> 45.3.0-alt1

  • New version (45.3.0)
  • Enigmail 1.9.5
  • Remove separate package with Lightning because Lightning is part of
     Thunderbird

2 июля 2016 Andrey Cherepanov <cas at altlinux.org> 45.2.0-alt1

  • New version (45.2.0)
  • Enigmail 1.9.3

1 июня 2016 Andrey Cherepanov <cas at altlinux.org> 45.1.1-alt1

  • New version (45.1.1)

20 мая 2016 Andrey Cherepanov <cas at altlinux.org> 45.1.0-alt1

  • New version (45.1.0)
  • Enigmail 1.9.2
  • Set correct URL and version to extension packages

14 апреля 2016 Andrey Cherepanov <cas at altlinux.org> 45.0.0-alt1

  • New version (45.0.0)

28 марта 2016 Andrey Cherepanov <cas at altlinux.org> 38.7.1-alt1

  • New version (38.7.1)

15 марта 2016 Andrey Cherepanov <cas at altlinux.org> 38.7.0-alt1

  • New version (38.7.0)
  • Enigmail (1.9.1)
  • Obsoletes thunderbird-esr

17 февраля 2016 Andrey Cherepanov <cas at altlinux.org> 38.6.0-alt1

  • New version
  • Security fixes:
     + MFSA 2016-14 Vulnerabilities in Graphite 2
     + MFSA 2016-03 Buffer overflow in WebGL after out of memory allocation
     + MFSA 2016-01 Miscellaneous memory safety hazards (rv:44.0 / rv:38.6)
     + MFSA 2015-150 MD5 signatures accepted within TLS 1.2
       ServerKeyExchange in server signature

17 января 2016 Andrey Cherepanov <cas at altlinux.org> 38.5.1-alt1

  • New version

26 декабря 2015 Andrey Cherepanov <cas at altlinux.org> 38.5.0-alt1

  • New version
  • Security fixes:
     + MFSA 2015-149 Cross-site reading attack through data and view-source URIs
     + MFSA 2015-146 Integer overflow in MP4 playback in 64-bit versions
     + MFSA 2015-145 Underflow through code inspection
     + MFSA 2015-139 Integer overflow allocating extremely large textures

26 ноября 2015 Alexey Gladkov <legion at altlinux.ru> 38.4.0-alt1

  • New version (38.4.0).
  • Enigmail (1.8.2).
  • Fixed:
     + 2015-90 Vulnerabilities found through code inspection
     + 2015-88 Heap overflow in gdk-pixbuf when scaling bitmap images
     + 2015-85 Out-of-bounds write with Updater and malicious MAR file
     + 2015-84 Arbitrary file overwriting through Mozilla Maintenance Service with hard links
     + 2015-79 Miscellaneous memory safety hazards (rv:40.0 / rv:38.2)
     + 2015-71 NSS incorrectly permits skipping of ServerKeyExchange
     + 2015-70 NSS accepts export-length DHE keys with regular DHE cipher suites
     + 2015-67 Key pinning is ignored when overridable errors are encountered
     + 2015-66 Vulnerabilities found through code inspection
     + 2015-63 Use-after-free in Content Policy due to microtask execution error
     + 2015-59 Miscellaneous memory safety hazards (rv:39.0 / rv:31.8 / rv:38.1)

20 июня 2015 Alexey Gladkov <legion at altlinux.ru> 38.0.1-alt1

  • New version (38.0.1).

11 декабря 2014 Alexey Gladkov <legion at altlinux.ru> 31.3.0-alt1

  • New version (31.3.0).
  • Fixed:
     + MFSA 2014-90 Apple CoreGraphics framework on OS X 10.10 logging input data to /tmp directory
     + MFSA 2014-89 Bad casting from the BasicThebesLayer to BasicContainerLayer
     + MFSA 2014-88 Buffer overflow while parsing media content
     + MFSA 2014-87 Use-after-free during HTML5 parsing
     + MFSA 2014-85 XMLHttpRequest crashes with some input streams
     + MFSA 2014-83 Miscellaneous memory safety hazards (rv:34.0 / rv:31.3)

23 октября 2014 Alexey Gladkov <legion at altlinux.ru> 31.2.0-alt1

  • New version (31.2.0).
  • Fixed:
     + MFSA 2014-81 Inconsistent video sharing within iframe
     + MFSA 2014-79 Use-after-free interacting with text directionality
     + MFSA 2014-77 Out-of-bounds write with WebM video
     + MFSA 2014-76 Web Audio memory corruption issues with custom waveforms
     + MFSA 2014-75 Buffer overflow during CSS manipulation
     + MFSA 2014-74 Miscellaneous memory safety hazards (rv:33.0 / rv:31.2)

25 сентября 2014 Alexey Gladkov <legion at altlinux.ru> 31.1.2-alt1

  • New version (31.1.2).
  • Fixed:
     + MFSA 2014-73 RSA Signature Forgery in NSS
     + MFSA 2014-72 Use-after-free setting text directionality
     + MFSA 2014-70 Out-of-bounds read in Web Audio audio timeline
     + MFSA 2014-69 Uninitialized memory use during GIF rendering
     + MFSA 2014-68 Use-after-free during DOM interactions with SVG
     + MFSA 2014-67 Miscellaneous memory safety hazards (rv:32.0 / rv:31.1 / rv:24.8)

28 июля 2014 Alexey Gladkov <legion at altlinux.ru> 31.0-alt1

  • New version (31.0).
  • Fixed:
     + MFSA 2014-66 IFRAME sandbox same-origin access through redirect
     + MFSA 2014-65 Certificate parsing broken by non-standard character encoding
     + MFSA 2014-64 Crash in Skia library when scaling high quality images
     + MFSA 2014-63 Use-after-free while when manipulating certificates in the trusted cache
     + MFSA 2014-62 Exploitable WebGL crash with Cesium JavaScript library
     + MFSA 2014-61 Use-after-free with FireOnStateChange event
     + MFSA 2014-59 Use-after-free in DirectWrite font handling
     + MFSA 2014-58 Use-after-free in Web Audio due to incorrect control message ordering
     + MFSA 2014-57 Buffer overflow during Web Audio buffering for playback
     + MFSA 2014-56 Miscellaneous memory safety hazards (rv:31.0 / rv:24.7)

21 июля 2014 Alexey Gladkov <legion at altlinux.ru> 24.6.0-alt1

  • New version (24.6.0).
  • Fixed:
     + MFSA 2014-52 Use-after-free with SMIL Animation Controller
     + MFSA 2014-49 Use-after-free and out of bounds issues found using Address Sanitizer
     + MFSA 2014-48 Miscellaneous memory safety hazards (rv:30.0 / rv:24.6)

11 мая 2014 Alexey Gladkov <legion at altlinux.ru> 24.5.0-alt1

  • New version (24.5.0).
  • Fixed:
     + MFSA 2014-46 Use-after-free in nsHostResolve
     + MFSA 2014-44 Use-after-free in imgLoader while resizing images
     + MFSA 2014-43 Cross-site scripting (XSS) using history navigations
     + MFSA 2014-42 Privilege escalation through Web Notification API
     + MFSA 2014-38 Buffer overflow when using non-XBL object as XBL
     + MFSA 2014-37 Out of bounds read while decoding JPG images
     + MFSA 2014-35 Privilege escalation through Mozilla Maintenance Service Installer
     + MFSA 2014-34 Miscellaneous memory safety hazards (rv:29.0 / rv:24.5)

23 марта 2014 Alexey Gladkov <legion at altlinux.ru> 24.4.0-alt1

  • New version (24.4.0).
  • Fixed:
     + MFSA 2014-32 Out-of-bounds write through TypedArrayObject after neutering
     + MFSA 2014-31 Out-of-bounds read/write through neutering ArrayBuffer objects
     + MFSA 2014-30 Use-after-free in TypeObject
     + MFSA 2014-29 Privilege escalation using WebIDL-implemented APIs
     + MFSA 2014-28 SVG filters information disclosure through feDisplacementMap
     + MFSA 2014-27 Memory corruption in Cairo during PDF font rendering
     + MFSA 2014-26 Information disclosure through polygon rendering in MathML
     + MFSA 2014-17 Out of bounds read during WAV file decoding
     + MFSA 2014-16 Files extracted during updates are not always read only
     + MFSA 2014-15 Miscellaneous memory safety hazards (rv:28.0 / rv:24.4)

9 февраля 2014 Alexey Gladkov <legion at altlinux.ru> 24.3.0-alt1

  • New version (24.3.0).
  • Fixed:
     + MFSA 2014-13 Inconsistent JavaScript handling of access to Window objects
     + MFSA 2014-12 NSS ticket handling issues
     + MFSA 2014-09 Cross-origin information leak through web workers
     + MFSA 2014-08 Use-after-free with imgRequestProxy and image proccessing
     + MFSA 2014-04 Incorrect use of discarded images by RasterImage
     + MFSA 2014-02 Clone protected content with XBL scopes
     + MFSA 2014-01 Miscellaneous memory safety hazards (rv:27.0 / rv:24.3)

24 декабря 2013 Alexey Gladkov <legion at altlinux.ru> 24.2.0-alt1

  • New version (24.2.0).
  • Fixed:
     + MFSA 2013-117 Mis-issued ANSSI/DCSSI certificate
     + MFSA 2013-116 JPEG information leak
     + MFSA 2013-115 GetElementIC typed array stubs can be generated outside observed typesets
     + MFSA 2013-114 Use-after-free in synthetic mouse movement
     + MFSA 2013-113 Trust settings for built-in roots ignored during EV certificate validation
     + MFSA 2013-111 Segmentation violation when replacing ordered list elements
     + MFSA 2013-109 Use-after-free during Table Editing
     + MFSA 2013-108 Use-after-free in event listeners
     + MFSA 2013-104 Miscellaneous memory safety hazards (rv:26.0 / rv:24.2)

21 ноября 2013 Alexey Gladkov <legion at altlinux.ru> 24.1.1-alt1

  • New version (24.1.1).
  • Fixed:
     + MFSA 2013-103 Miscellaneous Network Security Services (NSS) vulnerabilities

3 ноября 2013 Alexey Gladkov <legion at altlinux.ru> 24.1.0-alt1

  • New version (24.1.0).
  • Fixed:
     + MFSA 2013-102 Use-after-free in HTML document templates
     + MFSA 2013-101 Memory corruption in workers
     + MFSA 2013-100 Miscellaneous use-after-free issues found through ASAN fuzzing
     + MFSA 2013-98 Use-after-free when updating offline cache
     + MFSA 2013-97 Writing to cycle collected object during image decoding
     + MFSA 2013-96 Improperly initialized memory and overflows in some JavaScript functions
     + MFSA 2013-95 Access violation with XSLT and uninitialized data
     + MFSA 2013-94 Spoofing addressbar though SELECT element
     + MFSA 2013-93 Miscellaneous memory safety hazards (rv:25.0 / rv:24.1 / rv:17.0.10)

13 октября 2013 Alexey Gladkov <legion at altlinux.ru> 24.0.1-alt1

  • New version (24.0.1).
  • Use internal mozldap.
  • Fixed:
     + MFSA 2013-92 GC hazard with default compartments and frame chain restoration
     + MFSA 2013-91 User-defined properties on DOM proxies get the wrong "this" object
     + MFSA 2013-90 Memory corruption involving scrolling
     + MFSA 2013-89 Buffer overflow with multi-column, lists, and floats
     + MFSA 2013-88 compartment mismatch re-attaching XBL-backed nodes
     + MFSA 2013-85 Uninitialized data in IonMonkey
     + MFSA 2013-83 Mozilla Updater does not lock MAR file after signature verification
     + MFSA 2013-82 Calling scope for new Javascript objects can lead to memory corruption
     + MFSA 2013-81 Use-after-free with select element
     + MFSA 2013-80 NativeKey continues handling key messages after widget is destroyed
     + MFSA 2013-79 Use-after-free in Animation Manager during stylesheet cloning
     + MFSA 2013-77 Improper state in HTML5 Tree Builder with templates
     + MFSA 2013-76 Miscellaneous memory safety hazards (rv:24.0 / rv:17.0.9)

13 августа 2013 Alexey Gladkov <legion at altlinux.ru> 17.0.8-alt1

  • New version (17.0.8).
  • Fixed:
     + MFSA 2013-75 Local Java applets may read contents of local file system
     + MFSA 2013-73 Same-origin bypass with web workers and XMLHttpRequest
     + MFSA 2013-72 Wrong principal used for validating URI for some Javascript components
     + MFSA 2013-71 Further Privilege escalation through Mozilla Updater
     + MFSA 2013-69 CRMF requests allow for code execution and XSS attacks
     + MFSA 2013-68 Document URI misrepresentation and masquerading
     + MFSA 2013-66 Buffer overflow in Mozilla Maintenance Service and Mozilla Updater
     + MFSA 2013-63 Miscellaneous memory safety hazards (rv:23.0 / rv:17.0.8)

30 июня 2013 Alexey Gladkov <legion at altlinux.ru> 17.0.7-alt1

  • New version (17.0.7).
  • Fixed:
     + MFSA 2013-59 XrayWrappers can be bypassed to run user defined methods in a privileged context
     + MFSA 2013-56 PreserveWrapper has inconsistent behavior
     + MFSA 2013-55 SVG filters can lead to information disclosure
     + MFSA 2013-54 Data in the body of XHR HEAD requests leads to CSRF attacks
     + MFSA 2013-53 Execution of unmapped memory through onreadystatechange event
     + MFSA 2013-51 Privileged content access and execution via XBL
     + MFSA 2013-50 Memory corruption found using Address Sanitizer
     + MFSA 2013-49 Miscellaneous memory safety hazards (rv:22.0 / rv:17.0.7)

5 июня 2013 Alexey Gladkov <legion at altlinux.ru> 17.0.6-alt1

  • New version (17.0.6).
  • Fixed:
     + MFSA 2013-48 Memory corruption found using Address Sanitizer
     + MFSA 2013-47 Uninitialized functions in DOMSVGZoomEvent
     + MFSA 2013-46 Use-after-free with video and onresize event
     + MFSA 2013-44 Local privilege escalation through Mozilla Maintenance Service
     + MFSA 2013-42 Privileged access for content level constructor
     + MFSA 2013-41 Miscellaneous memory safety hazards (rv:21.0 / rv:17.0.6)

11 апреля 2013 Alexey Gladkov <legion at altlinux.ru> 17.0.5-alt1

  • New version (17.0.5).
  • Enigmail (1.5.1).
  • Fixed:
     + MFSA 2013-40 Out-of-bounds array read in CERT_DecodeCertPackage
     + MFSA 2013-38 Cross-site scripting (XSS) using timed history navigations
     + MFSA 2013-36 Bypass of SOW protections allows cloning of protected nodes
     + MFSA 2013-35 WebGL crash with Mesa graphics driver on Linux
     + MFSA 2013-34 Privilege escalation through Mozilla Updater
     + MFSA 2013-32 Privilege escalation through Mozilla Maintenance Service
     + MFSA 2013-31 Out-of-bounds write in Cairo library
     + MFSA 2013-30 Miscellaneous memory safety hazards (rv:20.0 / rv:17.0.5)
     + MFSA 2013-29 Use-after-free in HTML Editor

1 марта 2013 Alexey Gladkov <legion at altlinux.ru> 17.0.3-alt1

  • New version (17.0.3).
  • Fixed:
     + MFSA 2013-28 Use-after-free, out of bounds read, and buffer overflow issues found using Address Sanitizer
     + MFSA 2013-27 Phishing on HTTPS connection through malicious proxy
     + MFSA 2013-26 Use-after-free in nsImageLoadingContent
     + MFSA 2013-25 Privacy leak in JavaScript Workers
     + MFSA 2013-24 Web content bypass of COW and SOW security wrappers
     + MFSA 2013-21 Miscellaneous memory safety hazards (rv:19.0 / rv:17.0.3)

17 января 2013 Alexey Gladkov <legion at altlinux.ru> 17.0.2-alt1

  • New version (17.0.2).
  • Fixed:
     + MFSA 2013-20 Mis-issued TURKTRUST certificates
     + MFSA 2013-19 Use-after-free in Javascript Proxy objects
     + MFSA 2013-18 Use-after-free in Vibrate
     + MFSA 2013-17 Use-after-free in ListenerManager
     + MFSA 2013-16 Use-after-free in serializeToStream
     + MFSA 2013-15 Privilege escalation through plugin objects
     + MFSA 2013-14 Chrome Object Wrapper (COW) bypass through changing prototype
     + MFSA 2013-13 Memory corruption in XBL with XML bindings containing SVG
     + MFSA 2013-12 Buffer overflow in Javascript string concatenation
     + MFSA 2013-11 Address space layout leaked in XBL objects
     + MFSA 2013-10 Event manipulation in plugin handler to bypass same-origin policy
     + MFSA 2013-09 Compartment mismatch with quickstubs returned values
     + MFSA 2013-08 AutoWrapperChanger fails to keep objects alive during garbage collection
     + MFSA 2013-07 Crash due to handling of SSL on threads
     + MFSA 2013-05 Use-after-free when displaying table with many columns and column groups
     + MFSA 2013-04 URL spoofing in addressbar during page loads
     + MFSA 2013-03 Buffer Overflow in Canvas
     + MFSA 2013-02 Use-after-free and buffer overflow issues found using Address Sanitizer
     + MFSA 2013-01 Miscellaneous memory safety hazards (rv:18.0/ rv:10.0.12 / rv:17.0.2)

23 ноября 2012 Alexey Gladkov <legion at altlinux.ru> 17.0-alt1

  • New version (17.0).
  • Fixed:
     + MFSA 2012-106 Use-after-free, buffer overflow, and memory corruption issues found using Address Sanitizer
     + MFSA 2012-105 Use-after-free and buffer overflow issues found using Address Sanitizer
     + MFSA 2012-103 Frames can shadow top.location
     + MFSA 2012-101 Improper character decoding in HZ-GB-2312 charset
     + MFSA 2012-100 Improper security filtering for cross-origin wrappers
     + MFSA 2012-99 XrayWrappers exposes chrome-only properties when not in chrome compartment
     + MFSA 2012-97 XMLHttpRequest inherits incorrect principal within sandbox
     + MFSA 2012-96 Memory corruption in str_unescape
     + MFSA 2012-94 Crash when combining SVG text on path with CSS
     + MFSA 2012-93 evalInSanbox location context incorrectly applied
     + MFSA 2012-92 Buffer overflow while rendering GIF images
     + MFSA 2012-91 Miscellaneous memory safety hazards (rv:17.0/ rv:10.0.11)

1 ноября 2012 Alexey Gladkov <legion at altlinux.ru> 16.0.2-alt1

  • New version (16.0.2).
  • Fixed:
     + MFSA 2012-90 Fixes for Location object issues
     + MFSA 2012-67 Installer will launch incorrect executable following new installation

23 октября 2012 Alexey Gladkov <legion at altlinux.ru> 16.0.1-alt1

  • New version (16.0.1).
  • Enigmail (1.4.5).
  • Fixed:
     + MFSA 2012-89 defaultValue security checks not applied
     + MFSA 2012-88 Miscellaneous memory safety hazards (rv:16.0.1)
     + MFSA 2012-87 Use-after-free in the IME State Manager
     + MFSA 2012-86 Heap memory corruption issues found using Address Sanitizer
     + MFSA 2012-85 Use-after-free, buffer overflow, and out of bounds read issues found using Address Sanitizer
     + MFSA 2012-84 Spoofing and script injection through location.hash
     + MFSA 2012-83 Chrome Object Wrapper (COW) does not disallow acces to privileged functions or properties
     + MFSA 2012-82 top object and location property accessible by plugins
     + MFSA 2012-81 GetProperty function can bypass security checks
     + MFSA 2012-80 Crash with invalid cast when using instanceof operator
     + MFSA 2012-79 DOS and crash with full screen and history navigation
     + MFSA 2012-77 Some DOMWindowUtils methods bypass security checks
     + MFSA 2012-76 Continued access to initial origin after setting document.domain
     + MFSA 2012-75 select element persistance allows for attacks
     + MFSA 2012-74 Miscellaneous memory safety hazards (rv:16.0/ rv:10.0.8)

29 августа 2012 Alexey Gladkov <legion at altlinux.ru> 15.0-alt1

  • New version (15.0).
  • Fixed:
     + MFSA 2012-72 Web console eval capable of executing chrome-privileged code
     + MFSA 2012-70 Location object security checks bypassed by chrome code
     + MFSA 2012-68 DOMParser loads linked resources in extensions when parsing text/html
     + MFSA 2012-67 Installer will launch incorrect executable following new installation
     + MFSA 2012-65 Out-of-bounds read in format-number in XSLT
     + MFSA 2012-64 Graphite 2 memory corruption
     + MFSA 2012-63 SVG buffer overflow and use-after-free issues
     + MFSA 2012-62 WebGL use-after-free and memory corruption
     + MFSA 2012-61 Memory corruption with bitmap format images with negative height
     + MFSA 2012-59 Location object can be shadowed using Object.defineProperty
     + MFSA 2012-58 Use-after-free issues found using Address Sanitizer
     + MFSA 2012-57 Miscellaneous memory safety hazards (rv:15.0/ rv:10.0.7)

30 июля 2012 Alexey Gladkov <legion at altlinux.ru> 14.0-alt1

  • New version (14.0).
  • Fixed:
     + MFSA 2012-56 Code execution through javascript: URLs
     + MFSA 2012-53 Content Security Policy 1.0 implementation errors cause data leakage
     + MFSA 2012-52 JSDependentString::undepend string conversion results in memory corruption
     + MFSA 2012-51 X-Frame-Options header ignored when duplicated
     + MFSA 2012-50 Out of bounds read in QCMS
     + MFSA 2012-49 Same-compartment Security Wrappers can be bypassed
     + MFSA 2012-48 use-after-free in nsGlobalWindow::PageHidden
     + MFSA 2012-47 Improper filtering of javascript in HTML feed-view
     + MFSA 2012-45 Spoofing issue with location
     + MFSA 2012-44 Gecko memory corruption
     + MFSA 2012-42 Miscellaneous memory safety hazards (rv:14.0/ rv:10.0.6)

5 июля 2012 Alexey Gladkov <legion at altlinux.ru> 13.0.1-alt1

  • New version (13.0.1).
  • Fixed:
     + MFSA 2012-40 Buffer overflow and use-after-free issues found using Address Sanitizer
     + MFSA 2012-39 NSS parsing errors with zero length items
     + MFSA 2012-38 Use-after-free while replacing/inserting a node in a document
     + MFSA 2012-37 Information disclosure though Windows file shares and shortcut files
     + MFSA 2012-36 Content Security Policy inline-script bypass
     + MFSA 2012-35 Privilege escalation through Mozilla Updater and Windows Updater Service
     + MFSA 2012-34 Miscellaneous memory safety hazards

9 мая 2012 Alexey Gladkov <legion at altlinux.ru> 12.0.1-alt1

  • New version (12.0.1).
  • Use internal libcairo.
  • Fixed:
     + MFSA 2012-33 Potential site identity spoofing when loading RSS and Atom feeds
     + MFSA 2012-32 HTTP Redirections and remote content can be read by javascript errors
     + MFSA 2012-31 Off-by-one error in OpenType Sanitizer
     + MFSA 2012-30 Crash with WebGL content using textImage2D
     + MFSA 2012-29 Potential XSS through ISO-2022-KR/ISO-2022-CN decoding issues
     + MFSA 2012-28 Ambiguous IPv6 in Origin headers may bypass webserver access restrictions
     + MFSA 2012-27 Page load short-circuit can lead to XSS
     + MFSA 2012-26 WebGL.drawElements may read illegal video memory due to FindMaxUshortElement error
     + MFSA 2012-25 Potential memory corruption during font rendering using cairo-dwrite
     + MFSA 2012-24 Potential XSS via multibyte content processing errors
     + MFSA 2012-23 Invalid frees causes heap corruption in gfxImageSurface
     + MFSA 2012-22 use-after-free in IDBKeyRange
     + MFSA 2012-20 Miscellaneous memory safety hazards (rv:12.0/ rv:10.0.4)

20 апреля 2012 Alexey Gladkov <legion at altlinux.ru> 11.0.1-alt1

  • New version (11.0.1).
  • Fixed:
     + MFSA 2012-19 Miscellaneous memory safety hazards (rv:11.0/ rv:10.0.3 / rv:1.9.2.28)
     + MFSA 2012-18 window.fullScreen writeable by untrusted content
     + MFSA 2012-17 Crash when accessing keyframe cssText after dynamic modification
     + MFSA 2012-16 Escalation of privilege with Javascript: URL as home page
     + MFSA 2012-15 XSS with multiple Content Security Policy headers
     + MFSA 2012-14 SVG issues found with Address Sanitizer
     + MFSA 2012-13 XSS with Drag and Drop and Javascript: URL

23 февраля 2012 Alexey Gladkov <legion at altlinux.ru> 10.0.2-alt1

  • New version (10.0.2).
  • Fixed:
     + MFSA 2012-11 libpng integer overflow
     + MFSA 2012-10 use after free in nsXBLDocumentInfo::ReadPrototypeBindings
     + MFSA 2012-08 Crash with malformed embedded XSLT stylesheets
     + MFSA 2012-07 Potential Memory Corruption When Decoding Ogg Vorbis files
     + MFSA 2012-06 Uninitialized memory appended when encoding icon images may cause information disclosure
     + MFSA 2012-05 Frame scripts calling into untrusted objects bypass security checks
     + MFSA 2012-04 Child nodes from nsDOMAttribute still accessible after removal of nodes
     + MFSA 2012-03 <iframe> element exposed across domains via name attribute
     + MFSA 2012-01 Miscellaneous memory safety hazards (rv:10.0/ rv:1.9.2.26)
     + MFSA 2011-58 Crash scaling <video> to extreme sizes
     + MFSA 2011-57 Crash when plugin removes itself on Mac OS X
     + MFSA 2011-56 Key detection without JavaScript via SVG animation
     + MFSA 2011-55 nsSVGValue out-of-bounds access
     + MFSA 2011-54 Potentially exploitable crash in the YARR regular expression library
     + MFSA 2011-53 Miscellaneous memory safety hazards (rv:9.0)

31 января 2012 Alexey Gladkov <legion at altlinux.ru> 8.0-alt2

  • Rebuilt with libvpx.

15 ноября 2011 Alexey Gladkov <legion at altlinux.ru> 8.0-alt1

  • New version (8.0).
  • Fixed:
     + MFSA 2011-52 Code execution via NoWaiverWrapper
     + MFSA 2011-51 Cross-origin image theft on Mac with integrated Intel GPU
     + MFSA 2011-50 Cross-origin data theft using canvas and Windows D2D
     + MFSA 2011-49 Memory corruption while profiling using Firebug
     + MFSA 2011-48 Miscellaneous memory safety hazards (rv:8.0)
     + MFSA 2011-47 Potential XSS against sites using Shift-JIS
     + MFSA 2011-44 Use after free reading OGG headers
     + MFSA 2011-42 Potentially exploitable crash in the YARR regular expression library
     + MFSA 2011-40 Code installation through holding down Enter
     + MFSA 2011-39 Defense against multiple Location headers due to CRLF Injection
     + MFSA 2011-36 Miscellaneous memory safety hazards (rv:7.0 / rv:1.9.2.23)

6 сентября 2011 Alexey Gladkov <legion at altlinux.ru> 6.0.1-alt1

  • New version (6.0.1).
  • Fixed:
     + MFSA 2011-34 Protection against fraudulent DigiNotar certificates

25 августа 2011 Alexey Gladkov <legion at altlinux.ru> 6.0-alt1

  • New version (6.0).
  • Add GIO support (ALT#11503).
  • Fixed:
     + MFSA 2011-31 Security issues addressed in Thunderbird 6

21 июля 2011 Alexey Gladkov <legion at altlinux.ru> 5.0-alt1

  • New version (5.0).
  • Remove gnome-support subpackage.

9 апреля 2011 Alexey Gladkov <legion at altlinux.ru> 3.1.9-alt1.20110409

  • New snapshot (3.1.9 20110409).
  • Use xdg-open (ALT#25403).

8 марта 2011 Alexey Gladkov <legion at altlinux.ru> 3.1.9-alt1.20110308

  • New version (3.1.9 20110308).
  • Fixed:
     + MFSA 2011-09 Crash caused by corrupted JPEG image
     + MFSA 2011-08 ParanoidFragmentSink allows javascript: URLs in chrome documents
     + MFSA 2011-01 Miscellaneous memory safety hazards (rv:1.9.2.14/ 1.9.1.17)

23 января 2011 Alexey Gladkov <legion at altlinux.ru> 3.1.7-alt1.20110123

  • New snapshot (3.1.7 20110123)
  • Fix update request (ALT#23867)

15 августа 2010 Alexey Gladkov <legion at altlinux.ru> 3.1.2-alt1.20100815

  • New snapshot (3.1.2 20100810)
  • Fixed:
     + MFSA 2010-47 Cross-origin data leakage from script filename in error messages
     + MFSA 2010-46 Cross-domain data theft using CSS
     + MFSA 2010-44 Characters mapped to U+FFFD in 8 bit encodings cause subsequent character to vanish
     + MFSA 2010-43 Same-origin bypass using canvas context
     + MFSA 2010-42 Cross-origin data disclosure via Web Workers and importScripts
     + MFSA 2010-41 Remote code execution using malformed PNG image
     + MFSA 2010-40 nsTreeSelection dangling pointer remote code execution vulnerability
     + MFSA 2010-39 nsCSSValue::Array index integer overflow
     + MFSA 2010-38 Arbitrary code execution using SJOW and fast native function
     + MFSA 2010-34 Miscellaneous memory safety hazards (rv:1.9.2.7/ 1.9.1.11)

29 июня 2010 Alexey Gladkov <legion at altlinux.ru> 3.1.1-alt1.20100626

  • New snapshot

5 апреля 2010 Alexey Gladkov <legion at altlinux.ru> 3.0.4-alt1.20100404

  • New snapshot (3.0.4 20100404)
  • Add gnome support.
  • Fixed:
     + MFSA 2010-24 XMLDocument::load() doesn't check nsIContentPolicy
     + MFSA 2010-22 Update NSS to support TLS renegotiation indication
     + MFSA 2010-18 Dangling pointer vulnerability in nsTreeContentView
     + MFSA 2010-17 Remote code execution with use-after-free in nsTreeSelection
     + MFSA 2010-16 Crashes with evidence of memory corruption (rv:1.9.2.2/ 1.9.1.9/ 1.9.0.19)

28 января 2010 Alexey Gladkov <legion at altlinux.ru> 3.0.1-alt1.20100128

  • New snapshot (3.0.1 20100128)

26 ноября 2009 Alexey Gladkov <legion at altlinux.ru> 3.0-alt1.20091126

  • New snapshot (3.0 20091126)

18 октября 2009 Alexey Gladkov <legion at altlinux.ru> 3.0-alt1.20091018

  • New snapshot (3.0 20091018)

11 октября 2009 Alexey Gladkov <legion at altlinux.ru> 3.0-alt1.20091010

  • New snapshot (3.0 20091010)

29 сентября 2009 Alexey Gladkov <legion at altlinux.ru> 3.0-alt1.20090929

  • New snapshot (3.0 20090929)

1 сентября 2009 Alexey Gladkov <legion at altlinux.ru> 3.0-alt1.20090917

  • New snapshot (3.0 20090917)

17 августа 2009 Alexey Gladkov <legion at altlinux.ru> 3.0-alt1.20090817

  • New snapshot (3.0 20090817)

29 июля 2009 Alexey Gladkov <legion at altlinux.ru> 3.0-alt1.20090729

  • New snapshot (3.0 20090729)

1 июня 2009 Alexey Gladkov <legion at altlinux.ru> 3.0-alt1.20090601

  • New snapshot (3.0 20090601)

26 апреля 2009 Alexey Gladkov <legion at altlinux.ru> 3.0-alt1.20090424

  • New snapshot (3.0 20090424)

12 марта 2009 Alexey Gladkov <legion at altlinux.ru> 3.0-alt1.20090312

  • New snapshot (3.0 20090312)
  • Use system mozsqlite3 (sqlite3 unsupported)

24 ноября 2008 Alexey Gladkov <legion at altlinux.ru> 2.0.0.18-alt1

  • New version (2.0.0.18)
  • Fixed:
       + MFSA 2008-59 Script access to .documentURI and .textContent in mail
       + MFSA 2008-58 Parsing error in E4X default namespace
       + MFSA 2008-56 nsXMLHttpRequest::NotifyEventListeners() same-origin violation
       + MFSA 2008-55 Crash and remote code execution in nsFrameManager
       + MFSA 2008-52 Crashes with evidence of memory corruption (rv:1.9.0.4/1.8.1.18)
       + MFSA 2008-50 Crash and remote code execution via __proto__ tampering
       + MFSA 2008-48 Image stealing via canvas and HTTP redirect

18 ноября 2008 Alexey Gladkov <legion at altlinux.ru> 2.0.0.17-alt1

  • New version (2.0.0.17)
  • Fixed:
       + MFSA 2008-46 Heap overflow when canceling newsgroup message
       + MFSA 2008-44 resource: traversal vulnerabilities
       + MFSA 2008-43 BOM characters stripped from JavaScript before execution
       + MFSA 2008-42 Crashes with evidence of memory corruption (rv:1.9.0.2/1.8.1.17)
       + MFSA 2008-41 Privilege escalation via XPCnativeWrapper pollution
       + MFSA 2008-38 nsXMLDocument::OnChannelRedirect() same-origin violation
       + MFSA 2008-37 UTF-8 URL stack buffer overflow
       + MFSA 2008-34 Remote code execution by overflowing CSS reference counter
       + MFSA 2008-33 Crash and remote code execution in block reflow
       + MFSA 2008-31 Peer-trusted certs can use alt names to spoof
       + MFSA 2008-29 Faulty .properties file results in uninitialized memory being used
       + MFSA 2008-26 Buffer length checks in MIME processing
       + MFSA 2008-25 Arbitrary code execution in mozIJSSubScriptLoader.loadSubScript()
       + MFSA 2008-24 Chrome script loading from fastload file
       + MFSA 2008-21 Crashes with evidence of memory corruption (rv:1.8.1.15)

17 июля 2008 Alexey Gladkov <legion at altlinux.ru> 2.0.0.14-alt2

  • Bugfix build.
  • Dont use LD_LIBRARY_PATH in startup scripts.

11 мая 2008 Alexey Gladkov <legion at altlinux.ru> 2.0.0.14-alt1

  • New version (2.0.0.14)
  • Fixed:
       + MFSA 2008-15 Crashes with evidence of memory corruption (rv:1.8.1.13)
       + MFSA 2008-14 JavaScript privilege escalation and arbitrary code execution

2 марта 2008 Alexey Gladkov <legion at altlinux.ru> 2.0.0.12-alt1

  • New version (2.0.0.12)
  • Fixed:
       + MFSA 2008-12 Heap buffer overflow in external MIME bodies
       + MFSA 2008-05 Directory traversal via chrome: URI
       + MFSA 2008-03 Privilege escalation, XSS, Remote Code Execution
       + MFSA 2008-01 Crashes with evidence of memory corruption (rv:1.8.1.12)
       + MFSA 2007-36 URIs with invalid  mishandled by Windows
       + MFSA 2007-29 Crashes with evidence of memory corruption (rv:1.8.1.8)
       + MFSA 2007-27 Unescaped URIs passed to external programs
       + MFSA 2007-26 Privilege escalation through chrome-loaded about:blank windows

2 августа 2007 Alexey Gladkov <legion at altlinux.ru> 2.0.0.6-alt1

  • New version (2.0.0.6)
  • Fixed:
       + MFSA 2007-27 Unescaped URIs passed to external programs
       + MFSA 2007-26 Privilege escalation through chrome-loaded about:blank windows

20 июля 2007 Alexey Gladkov <legion at altlinux.ru> 2.0.0.5-alt1

  • New version (2.0.0.5)
  • Fixed:
       + MFSA 2007-23 Remote code execution by launching Firefox from Internet Explorer
       + MFSA 2007-18 Crashes with evidence of memory corruption

29 июня 2007 Alexey Gladkov <legion at altlinux.ru> 2.0.0.4-alt1

  • New version (2.0.0.4)
  • Fix normal icons.
  • Fixed:
       + MFSA 2007-15 Security Vulnerability in APOP Authentication
       + MFSA 2007-12 Crashes with evidence of memory corruption (rv:1.8.0.12/1.8.1.4)

22 апреля 2007 Alexey Gladkov <legion at altlinux.ru> 2.0.0.0-alt1

  • New version (2.0.0.0)
  • Many bugfixes (see http://weblogs.mozillazine.org/rumblingedge/archives/2007/03/tb_2.html).
  • Add RSS files (again).

27 февраля 2007 Alexey Gladkov <legion at altlinux.ru> 2.0-alt1.b2

  • New version (2.0 Beta 2)

23 ноября 2006 Alexey Gladkov <legion at altlinux.ru> 1.5.0.8-alt1

  • New version (1.5.0.8)
  • Remove version specific paths.
  • Add %pre script.
  • Improvements to product stability.
  • Fixed:
       + MFSA 2006-67 Running Script can be recompiled
       + MFSA 2006-66 RSA signature forgery (variant)
       + MFSA 2006-65 Crashes with evidence of memory corruption (rv:1.8.0.8)
       + MFSA 2006-64 Crashes with evidence of memory corruption (rv:1.8.0.7)
       + MFSA 2006-63 JavaScript execution in mail via XBL
       + MFSA 2006-60 RSA Signature Forgery
       + MFSA 2006-59 Concurrency-related vulnerability
       + MFSA 2006-58 Auto-Update compromise through DNS and SSL spoofing
       + MFSA 2006-57 JavaScript Regular Expression Heap Corruption

17 августа 2006 Alexey Gladkov <legion at altlinux.ru> 1.5.0.5-alt1

  • New version (1.5.0.5)
  • Build with MozLDAP support.
  • Improvements to product stability.
  • Fixed:
       + MFSA 2006-55 Crashes with evidence of memory corruption (rv:1.8.0.5)
       + MFSA 2006-54 XSS with XPCNativeWrapper(window).Function(...)
       + MFSA 2006-53 UniversalBrowserRead privilege escalation
       + MFSA 2006-52 PAC privilege escalation using Function.prototype.call
       + MFSA 2006-51 Privilege escalation using named-functions and redefined "new Object()"
       + MFSA 2006-50 JavaScript engine vulnerabilities
       + MFSA 2006-49 Heap buffer overwrite on malformed VCard
       + MFSA 2006-48 JavaScript new Function race condition
       + MFSA 2006-47 Native DOM methods can be hijacked across domains
       + MFSA 2006-46 Memory corruption with simultaneous events
       + MFSA 2006-44 Code execution through deleted frame reference

2 мая 2006 Alexey Gladkov <legion at altlinux.ru> 1.5.0.2-alt1

  • New bugfix version.
  • Improvements to product stability.
  • Fixed:
       + MFSA 2006-28 Security check of js_ValueToFunctionObject() can be circumvented;
       + MFSA 2006-27 Table Rebuilding Code Execution Vulnerability;
       + MFSA 2006-26 Mail Multiple Information Disclosure;
       + MFSA 2006-25 Privilege escalation through Print Preview;
       + MFSA 2006-24 Privilege escalation using crypto.generateCRMFRequest;
       + MFSA 2006-22 CSS Letter-Spacing Heap Overflow Vulnerability;
       + MFSA 2006-21 JavaScript execution in mail when forwarding in-line;
       + MFSA 2006-20 Crashes with evidence of memory corruption (rv:1.8.0.2);
       + MFSA 2006-08 "AnyName" entrainment and access control hazard;
       + MFSA 2006-07 Read beyond buffer while parsing XML;
       + MFSA 2006-06 Integer overflows in E4X, SVG and Canvas;
       + MFSA 2006-05 Localstore.rdf XML injection through XULDocument.persist();
       + MFSA 2006-04 Memory corruption via QueryInterface on Location, Navigator objects;
       + MFSA 2006-02 Changing postion:relative to static corrupts memory;
       + MFSA 2006-01 JavaScript garbage-collection hazards.

24 марта 2006 Alexey Gladkov <legion at altlinux.ru> 1.5-alt2

  • bugfix build.
  • share extension directory fix.

21 февраля 2006 Alexey Gladkov <legion at altlinux.ru> 1.5-alt1

  • new version 1.5
  • build with rpm-build-thunderbird (external build macros)
  • Build with system NSS and NSPR.
  • Buildrequires updated for xorg-7.0
  • directory /usr/share/thunderbird-@version@/extensions was added to extensions search path .
     * this location is controled by the option extensions.dir.extensions .
  • Startup script rewritten. Now it is single script.
     * command line shortcut added: altmail:MAILLIST
       (example: "altmail:devel" -> mailto:devel@list.altlinux.org).
  • LDAP support disabled.
  • firsttime script removed
  • NoX patch removed

24 августа 2005 Alexey Gladkov <legion at altlinux.ru> 1.0.6-alt2

  • packaging bugfix.
  • rpm mascros bugfix.
  • The script is added for switching language after installation/removal
     of a localization package.
  • Bug: #6204, #6254 fixed.

15 августа 2005 Alexey Gladkov <legion at altlinux.ru> 1.0.6-alt1

  • new version.
  • firsttime script added.

11 мая 2005 Alexey Gladkov <legion at altlinux.ru> 1.0.2-alt1

  • new version;
  • RSS missing files add;

1 февраля 2005 Alexey Gladkov <legion at altlinux.ru> 1.0-alt4

  • update patch thunderbird-1.0-20050201-alt-nox.patch
     * uninstall-global-theme command-line option was added;
     * update-register command-line option was added;
  • thunderbird-1.0-alt-rpm-scripts.tar.bz2 bugfix;

27 января 2005 Alexey Gladkov <legion at altlinux.ru> 1.0-alt3

  • fix crush when comiling with gcc3.4 .

19 января 2005 Alexey Gladkov <legion at altlinux.ru> 1.0-alt2

  • Rebuilt with libstdc++.so.6.

6 января 2005 Alexey Gladkov <legion at altlinux.ru> 1.0-alt1

  • new version;
  • new extension load scheme;
  • uninstall-global-extension option fixed;
  • add RPATH=%_libdir/%fullname to the all binares;
  • rpm macros was updated;
  • %post_ldconfig and %postun_ldconfig was removed.
  • icons updated (thx shrek@);

16 июля 2004 Alexey Morozov <morozov at altlinux.org> 0.7.2-alt2

  • new version (0.7.2)
  • rpm macros file is splitted to base and devel parts
  • Russian spec translation
  • A patch to handle external URLs w/ url_handler
  • Requirements cleanup

7 мая 2004 Alexey Gladkov <legion at altlinux.ru> 0.6-alt1

  • New version;
  • Splash screen added;
  • Default userContent.css added;
  • Offline extension added by default;
  • Confilct between mozilla-like devel packages was removed.

11 февраля 2004 Alexey Gladkov <legion at altlinux.ru> 0.5-alt1

  • New version.

13 января 2004 Alexey Gladkov <legion at altlinux.ru> 0.4-alt4

  • Spec changes.

26 декабря 2003 Alexey Gladkov <legion at altlinux.ru> 0.4-alt3

  • first build for ALT Linux.
  • rpm macro added.
  • new scheme loading extensions added (thx force@)
  • Spec modifications.
 
дизайн и разработка: Vladimir Lettiev aka crux © 2004-2005, Andrew Avramenko aka liks © 2007-2008
текущий майнтейнер: Michael Shigorin