New Release 1.5.0.4 with multiple security fixes
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
firefox (Ubuntu) |
Invalid
|
High
|
Martin Pitt | ||
Hoary |
Fix Released
|
High
|
Martin Pitt | ||
Breezy |
Fix Released
|
High
|
Martin Pitt | ||
Dapper |
Fix Released
|
High
|
Unassigned |
Bug Description
http://
Important security issues fixed with this release.
MFSA 2006-43 Privilege escalation using addSelectionLis
MFSA 2006-42 Web site XSS using BOM on UTF-8 pages
MFSA 2006-41 File stealing by changing input type (variant)
MFSA 2006-39 "View Image" local resource linking (Windows)
MFSA 2006-38 Buffer overflow in crypto.signText()
MFSA 2006-37 Remote compromise via content-defined setter on object prototypes
MFSA 2006-36 PLUGINSPAGE privileged JavaScript execution 2
MFSA 2006-35 Privilege escalation through XUL persist
MFSA 2006-34 XSS viewing javascript: frames or images from context menu
MFSA 2006-33 HTTP response smuggling
MFSA 2006-32 Fixes for crashes with potential memory corruption
MFSA 2006-31 EvalInSandbox escape (Proxy Autoconfig, Greasemonkey)
This is a security issue. Is there any plan to include this in dapper-security yet?