upgrade to firefox 2.0.0.9

please take off the bug contact list or let me know what I have to do to get my name off.

Thank you,

----- Original Message ----
From: FredBezies <email address hidden>
To: <email address hidden>
Sent: Thursday, November 8, 2007 2:57:29 AM
Subject: [Bug 160895] upgrade to firefox 2.0.0.9

Public bug reported:

Binary package hint: firefox

It would be great to have firefox 2.0.0.9 as a security upgrade for
Ubuntu gutsy gibbon. 2.0.0.9 was released last week, on 1st november :

http://developer.mozilla.org/devnews/index.php/2007/11/01/firefox-2009
-stability-update-now-available-for-download/

And it is not, like for firefox 2.0.0.7 a windows only release.

So, please ? ;)

Thanks a lot !

** Affects: firefox (Ubuntu)
     Importance: Undecided
         Status: New

--
upgrade to firefox 2.0.0.9
https://bugs.launchpad.net/bugs/160895
You received this bug notification because you are a bug contact for
firefox in ubuntu.

__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com

Just log in, go to this bug and click on unsuscribe option.

On Thu, Nov 08, 2007 at 08:57:29AM -0000, FredBezies wrote:
> Public bug reported:
>
> Binary package hint: firefox
>
> It would be great to have firefox 2.0.0.9 as a security upgrade for
> Ubuntu gutsy gibbon. 2.0.0.9 was released last week, on 1st november :

This is not a security update, but _just_ a stability upgrade for
regressions introduced in 2.0.0.8. We will do it anyway next week.

 - Alexander

Another option is to use Ubuntuzilla. You can find instructions here: http://ubuntuzilla.wiki.sourceforge.net/

Joe please dont advise that on official bugs, it is unsupported by ubuntu and has caused alot issues in past. When we get a few minutes we will get it in gutsy but we have alot of stuff we are working on. We will have it in Gutsy as soon as we can.

I'm writing just to remind you, that 2.0.0.9 is still not there

Maybe we should ask for 2.0.0.10, there is candidate builds in the mozilla ftp.

this was in an earlier version of @risk newsletter:
(November 5th 2007)
@RISK: The Consensus Security Vulnerability Alert Vol. 6 No. 45

(4) HIGH: Mozilla Firefox Arbitrary Script Execution Vulnerability
Affected:
Mozilla Firefox versions 2.0.0.8 and prior

Description: Mozilla Firefox contains a vulnerability in its handling
of JavaScript. A specially crafted web page could bypass domain
restrictions an allow an attacker to execute arbitrary JavaScript in a
security domain different from that in which it was loaded. This could
allow an attacker to alter the user interface or potentially execute
arbitrary code with the privileges of the current user. Some technical
details and a proof-of-concept are available for this vulnerability.
Additionally, technical details may be available via source code
analysis. Other Mozilla products, such as Thunderbird and SeaMonkey may
also be affected.

Status: Mozilla has not confirmed, no updates available.

References:
Posting by The Hacker Webzine
http://www.0x000000.com/index.php?i=465
Proof-of-Concept
http://downloads.securityfocus.com/vulnerabilities/exploits/26283.html
SecurityFocus BID
http://www.securityfocus.com/bid/26283

It's not confirmed though, 2.0.0.9 is just a stability update:
Firefox 2.0.0.9 stability update now available for download

Nevertheless, it's widely used as a default browser, Ubuntu should support a stability update in order to be more efficient.
Or at least put it in backports :)

I think that this bug report is obsolete as of today
$ apt-get policy firefox

firefox:
  Installed: 2.0.0.10+2nobinonly-0ubuntu1.7.10.1
  Candidate: 2.0.0.10+2nobinonly-0ubuntu1.7.10.1
  Version table:
 *** 2.0.0.10+2nobinonly-0ubuntu1.7.10.1 0
        500 http://security.ubuntu.com gutsy-security/main Packages
        100 /var/lib/dpkg/status
     2.0.0.8+2nobinonly-0ubuntu1 0
        500 http://uk.archive.ubuntu.com gutsy-updates/main Packages
     2.0.0.6+2nobinonly-0ubuntu1 0
        500 http://uk.archive.ubuntu.com gutsy/main Packages

https://launchpad.net/ubuntu/gutsy/+source/firefox/2.0.0.10+2nobinonly-0ubuntu1.7.10.1

unsubscribe