Ubuntu
firefox package

  1. Bug #39580
  2. Comment #8

Comment 8 for bug 39580

Revision history for this message
Bruce Cowan (bruce89-deactivatedaccount) wrote :

This upload fixes it :
firefox (1.5.dfsg+1.5.0.2-0ubuntu1) dapper; urgency=low
 .
   * New upstream version, 1.5.0.2.
     Described as `stability and security fixes' by upstream but many
     changes are included and producing a complete list is infeasible :-(.
     Fixes are known to be included for:
     - MFSA 2006-29, CVE-2006-1725: Spoofing with translucent windows
     - MFSA 2006-28, CVE-2006-1726: Security check of
          js_ValueToFunctionObject() can be circumvented
     - MFSA 2006-27, CVE-2006-0748: Table Rebuilding Code Execution
          Vulnerability
     - MFSA 2006-25, CVE-2006-1727: Privilege escalation through Print Preview
     - MFSA 2006-24, CVE-2006-1728: Privilege escalation using
          crypto.generateCRMFRequest
     - MFSA 2006-23, CVE-2006-1729: File stealing by changing input type
     - MFSA 2006-22, CVE-2006-1730: CSS Letter-Spacing Heap Overflow
          Vulnerability
     - MFSA 2006-20, CVE-2006-1529, CVE-2006-1530, CVE-2006-1531,
       CVE-2006-1723, CVE-2006-1724: Crashes with evidence of memory
          corruption.
     This package is based on Debian's firefox_1.5.dfsg+1.5.0.2.orig.tar.gz
     but has none of the corresponding Debian changes.