New Release 1.5.0.4 with multiple security fixes

Bug #48043 reported by John Eikenberry
| Affects | Status | Importance | Assigned to | Milestone |
|---|---|---|---|---|
| firefox (Ubuntu) | Invalid | High | Martin Pitt | |
| Hoary | Fix Released | High | Martin Pitt | |
| Breezy | Fix Released | High | Martin Pitt | |
| Dapper | Fix Released | High | Unassigned | |

Bug Description

http://www.mozilla.com/firefox/releases/1.5.0.4.html

Important security issues fixed with this release.

MFSA 2006-43 Privilege escalation using addSelectionListener
MFSA 2006-42 Web site XSS using BOM on UTF-8 pages
MFSA 2006-41 File stealing by changing input type (variant)
MFSA 2006-39 "View Image" local resource linking (Windows)
MFSA 2006-38 Buffer overflow in crypto.signText()
MFSA 2006-37 Remote compromise via content-defined setter on object prototypes
MFSA 2006-36 PLUGINSPAGE privileged JavaScript execution 2
MFSA 2006-35 Privilege escalation through XUL persist
MFSA 2006-34 XSS viewing javascript: frames or images from context menu
MFSA 2006-33 HTTP response smuggling
MFSA 2006-32 Fixes for crashes with potential memory corruption
MFSA 2006-31 EvalInSandbox escape (Proxy Autoconfig, Greasemonkey)

John Dong (jdong) wrote :

This is a security issue. Is there any plan to include this in dapper-security yet?

Changed in firefox:
status: Unconfirmed → Confirmed
Martin Pitt (pitti) wrote : Re: [Bug 48043] Re: New Release 1.5.0.4 with multiple security fixes

Hi,

John Dong [2006-06-04 20:30 -0000]:
> This is a security issue. Is there any plan to include this in dapper-
> security yet?

Yes, very soon (next week).

Martin

--
Martin Pitt http://www.piware.de
Ubuntu Developer http://www.ubuntulinux.org
Debian Developer http://www.debian.org

John Dong (jdong) wrote : Re: [Bug 48043] Re: [Bug 48043] Re: New Release 1.5.0.4 with multiple security fixes

Alright, glad to hear that. Thanks for keeping us updated on that :)

On 6/4/06, Martin Pitt <email address hidden> wrote:
>
> Hi,
>
> John Dong [2006-06-04 20:30 -0000]:
> > This is a security issue. Is there any plan to include this in dapper-
> > security yet?
>
> Yes, very soon (next week).
>
> Martin
>
> --
> Martin Pitt http://www.piware.de
> Ubuntu Developer http://www.ubuntulinux.org
> Debian Developer http://www.debian.org
>
> --
> New Release 1.5.0.4 with multiple security fixes
> https://launchpad.net/bugs/48043
>

Martin Pitt (pitti) wrote :

Ian prepared a package, will be uploaded soon.

Changed in firefox:
assignee: nobody → pitti
status: Confirmed → In Progress
Martin Pitt (pitti) wrote :

Just for the records, 1.5.0.4 is in dapper since last week. Keeping this bug open until hoary and breezy are fixed.

Bruce Cowan (bruce89-deactivatedaccount) wrote :

Added specific release details, probably not a good idea.

Changed in firefox:
status: Unconfirmed → In Progress
status: Unconfirmed → In Progress
status: Unconfirmed → Fix Released
importance: Untriaged → High
importance: Untriaged → High
assignee: nobody → pitti
importance: Untriaged → High
status: In Progress → Rejected
assignee: nobody → pitti
Martin Pitt (pitti) wrote :

USN-296-2

Changed in firefox:
status: In Progress → Fix Released
status: In Progress → Fix Released
This report contains Public Security information  
Everyone can see this security related information.
