[Firefox] security update release 2.0.0.8 available from upstream

Bug #154393 reported by disabled.user
Affects | Status | Importance | Assigned to | Milestone
firefox (Ubuntu) | Fix Released | High | Alexander Sack |
Dapper | Fix Released | High | Kees Cook |
Edgy | Fix Released | High | Kees Cook |
Feisty | Fix Released | High | Kees Cook |
Gutsy | Fix Released | High | Kees Cook |
Hardy | Fix Released | High | Alexander Sack |

Bug Description

Binary package hint: firefox

References:
http://www.mozilla-europe.org/de/products/firefox/2.0.0.8/releasenotes/
http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox2.0.0.8

An updated version of Firefox, which fixes a number of security vulnerabilities, is available from upstream.

Please provide updated packages for the stable Ubuntu releases as soon as possible.

Alexander Sack (asac) wrote :

already uploaded to security team.

Changed in firefox:
importance: Undecided → Critical
status: New → Fix Committed
status: Fix Committed → In Progress
importance: Undecided → Critical
status: New → Fix Committed
importance: Undecided → Critical
status: New → Fix Committed
importance: Undecided → Critical
status: New → Fix Committed
importance: Undecided → Critical
status: New → Fix Committed
disabled.user (disabled.user-deactivatedaccount) wrote :

Well, that's great news for sure. Thank you very much!

Adrian Penisoara (adrian.penisoara) wrote :

Strangely, although the bug is marked as fixed (also) for Gutsy, up-to-date installations still have 2.0.0.6:

$ apt-cache show firefox
Package: firefox
Priority: optional
Section: web
Installed-Size: 26008
Maintainer: Alexander Sack <email address hidden>
Architecture: i386
Version: 2.0.0.6+2nobinonly-0ubuntu1

Also checked the apt archive and there is no 2.0.0.8 version present in main or universe repositories.
Could you please clarify?

fzap (pflaumenmus92) wrote :

Dear maintainers,

Before upstreaming for security reasons, please consider the Gecko rendering engine bug that comes with the 2.0.0.8 version:

Firefox 2.0.0.8 - Float Containing/Clearing Bug: https://bugzilla.mozilla.org/show_bug.cgi?id=400469

example: http://www.highresolution.info/webdesign/testcases/ff_floatingbug.htm

disabled.user (disabled.user-deactivatedaccount) wrote :

I've tested the package (amd64) from
deb http://ppa.launchpad.net/asac/ubuntu dapper main universe
which contains backports from the current Firefox to Dapper's 1.5 branch. It works fine so far and also doesn't show any broken rendering - the above-mentioned example looks just like it does in Konqueror.

Rafael Gattringer (rafael.gattringer) wrote :

Thank you, 2.0.0.8 is available via the regular update channel in Gutsy Final.

Check critical webpages (like portal logins, submission pages) for the CSS bug.

Suggested CSS workaround
http://www.456bereastreet.com/archive/200603/new_clearing_method_needed_for_ie7/

Fixed in Firefox 2.0.0.7 & 2.0.0.8
https://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox2.0.0.8

Bugzilla: Bug 391412 – Regression in float layout causing "clear:" to be ignored
https://bugzilla.mozilla.org/show_bug.cgi?id=391412

Bugzilla: Bug 400406 – Layout badly broken in 2.0.0.8, CSS issue with floats or negative margins or display property...
https://bugzilla.mozilla.org/show_bug.cgi?id=400406

FredBezies (fredbezies-deactivatedaccount) wrote :

By the way, a 2.0.0.9 version will be released next week to fix some of those regressions:

See http://developer.mozilla.org/devnews/index.php/2007/10/22/firefox-2008-update-to-be-updated/

Adrian Penisoara (adrian.penisoara) wrote :

Seen update to 2.0.0.8 in today's updates. Thank you.

Kees Cook (kees)
Changed in firefox:
assignee: nobody → keescook
importance: Critical → High
status: Fix Committed → Fix Released
assignee: nobody → keescook
importance: Critical → High
status: Fix Committed → Fix Released
assignee: nobody → keescook
importance: Critical → High
status: Fix Committed → Fix Released
assignee: nobody → keescook
importance: Critical → High
status: Fix Committed → Fix Released
assignee: nobody → asac
importance: Critical → High
Sarah Kowalik (hobbsee-deactivatedaccount) wrote :

firefox appears done in hardy. marking as fix released.

sarah@LongPointyStick:~$ policy firefox
firefox:
  Installed: 2.0.0.8+2nobinonly-0ubuntu3
  Candidate: 2.0.0.8+2nobinonly-0ubuntu3
  Version table:
 *** 2.0.0.8+2nobinonly-0ubuntu3 0
        500 http://mirror.pacific.net.au hardy/main Packages
        500 http://archive.ubuntu.com hardy/main Packages
        100 /var/lib/dpkg/status

Changed in firefox:
status: In Progress → Fix Released
This report contains Public Security information  
Everyone can see this security related information.