Ubuntu
firefox package

New Release 1.5.0.2

Bug #39580 reported by John Eikenberry
24
Affects Status Importance Assigned to Milestone
firefox (Ubuntu)
Fix Released
Medium
Unassigned

Bug Description

Firefox 1.5.0.2 has been released [1]. It fixes several security issues [2], so it probably should be updated in dapper.

[1] http://www.mozilla.com/firefox/releases/1.5.0.2.html
[2] http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox1.5.0.2

Revision history for this message
John Eikenberry (jae) wrote :

Changed severity to critical as security fixes are included.

Revision history for this message
DarkMageZ (darkmagez) wrote :

changing severity to critical again? who bumped it down? and why?
and also status to confirmed

Changed in firefox:
status: Unconfirmed → Confirmed
Revision history for this message
DarkMageZ (darkmagez) wrote :

hopefully this time we will see some changes to resolve or atleast help bug #32561

Revision history for this message
Dennis Kaarsemaker (dennis) wrote :

A new version of a package is not a critical bug.

Revision history for this message
John Eikenberry (jae) wrote :

Is it worth filing a separate bug for the security vulnerabilities in 1.5.0.1? Or is this bug going to be resolved before dapper making it redundant?

Revision history for this message
DarkMageZ (darkmagez) wrote :

Firefox 1.5.0.2 (or the individual security updates) will make it into 6.06 for the release. (to resolve security issues)
Since this is a Development version of ubuntu, security updates hold a similar priority to normal bugs.
The maintainer is likely to update to 1.5.0.2 to cover All the fixed bugs.

Filing individual bugs for each individual security issue would just be a waste because this bug allready covers them.

Revision history for this message
Satya Mishra (snmishra) wrote :

The update seems to be just an uupdate away.

Revision history for this message
Bruce Cowan (bruce89-deactivatedaccount) wrote :

This upload fixes it :
firefox (1.5.dfsg+1.5.0.2-0ubuntu1) dapper; urgency=low
 .
   * New upstream version, 1.5.0.2.
     Described as `stability and security fixes' by upstream but many
     changes are included and producing a complete list is infeasible :-(.
     Fixes are known to be included for:
     - MFSA 2006-29, CVE-2006-1725: Spoofing with translucent windows
     - MFSA 2006-28, CVE-2006-1726: Security check of
          js_ValueToFunctionObject() can be circumvented
     - MFSA 2006-27, CVE-2006-0748: Table Rebuilding Code Execution
          Vulnerability
     - MFSA 2006-25, CVE-2006-1727: Privilege escalation through Print Preview
     - MFSA 2006-24, CVE-2006-1728: Privilege escalation using
          crypto.generateCRMFRequest
     - MFSA 2006-23, CVE-2006-1729: File stealing by changing input type
     - MFSA 2006-22, CVE-2006-1730: CSS Letter-Spacing Heap Overflow
          Vulnerability
     - MFSA 2006-20, CVE-2006-1529, CVE-2006-1530, CVE-2006-1531,
       CVE-2006-1723, CVE-2006-1724: Crashes with evidence of memory
          corruption.
     This package is based on Debian's firefox_1.5.dfsg+1.5.0.2.orig.tar.gz
     but has none of the corresponding Debian changes.

Changed in firefox:
status: Confirmed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Duplicates of this bug

Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.