Update Firefox to 2.0.0.1

Bug #76606 reported by Marco Paulo Martins Sousa
Affects | Status | Importance | Assigned to | Milestone
firefox (Ubuntu) | Fix Released | Undecided | Unassigned |

Bug Description

Binary package hint: firefox

New upstream release of Firefox 2.0.0.1.

Notify Ubuntu Firefox maintainer

Release Notes: http://www.mozilla.com/en-US/firefox/2.0.0.1/releasenotes/

Fixed in Firefox 2.0.0.1: http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox2.0.0.1

HomePage: http://www.mozilla.com/en-US/firefox/

Changed in firefox:
status: Unconfirmed → Confirmed
Matti Lindell (mlind) wrote :

firefox (2.0.0.1+0dfsg-0ubuntu1) feisty; urgency=low
 .
   * New upstream security update:
     - CVE-2006-6507, MFSA 2006-76: XSS using outer window's Function object.
     - CVE-2006-6506, MFSA 2006-75: RSS Feed-preview referrer leak.
     - CVE-2006-6504, MFSA 2006-73: SVG Processing Remote Code Execution.
     - CVE-2006-6503, MFSA 2006-72: XSS by setting img.src to javascript: URI.
     - CVE-2006-6502, MFSA 2006-71: LiveConnect crash finalizing JS objects.
     - CVE-2006-6501, MFSA 2006-70: Privilege escalation using watch point.
     - CVE-2006-6497, CVE-2006-6498, CVE-2006-6499, MFSA 2006-68: Crashes
       with evidence of memory corruption.
   * debian/rules: use original upstream icons (Closes LP#68180).
   * debian/debsearch.src: make feisty the default debsearch target.
   * browser/base/content/utilityOverlay.js: change Launchpad translation/help
     pages for Feisty.

Changed in firefox:
status: Confirmed → Fix Released
David Megginson (david-megginson) wrote :

This update may be a high priority -- it's possible that the XSS hole it patches has been actively exploited and resulted in data loss for Gmail users:

http://www.techcrunch.com/2006/12/28/gmail-disaster-reports-of-mass-email-deletions/

Changed in firefox:
status: Fix Released → Unconfirmed
Changed in firefox:
status: Unconfirmed → Fix Released
This report contains Public Security information  
Everyone can see this security related information.