23809 2010-07-25 01:18:01 +0400 Обновить firefox 2010-09-16 15:26:37 +0400 1 1 3 Distributions Branch p5 cross-component unspecified all Linux CLOSED FIXED P3 critical --- 24053 1 aen nobody cas dkoryavov oddity qa-p5 oldest_to_newest 110786 0 aen 2010-07-25 01:18:01 +0400 Собрать 3.5.11 111789 1 oddity 2010-09-01 02:45:17 +0400 Текущая версия 3.5.9 содержит 20 уязвимостей, более десятка из них - критические. 111790 2 oddity 2010-09-01 02:51:26 +0400 Кроме того, на сколько я понимаю, текущая версия 3.5.9 собрана неправильно, со старой версией xulrunner (1.9.1.8) и, соответственно все ещё содержит ошибки исправленные в 3.5.9 (+ ещё 5 критических уязвимостей). Посему нужно не забыть собрать xulrunner 1.9.1.11 111818 3 cas 2010-09-01 16:31:04 +0400 Соберу 3.6.x 112027 4 repository-robot 2010-09-09 11:02:33 +0400 firefox-3.6-3.6.9-alt0.20100725.M50P.1 -> p5: * Mon Sep 06 2010 Andrey Cherepanov <cas@altlinux> 3.6.9-alt0.20100725.M50P.1 - backport to p5 branch (new version with security fixes) (closes: #23809) * Thu Jul 29 2010 Alexey Gladkov <legion@altlinux> 3.6.9-alt1.20100725 - New release (3.6.8). - Fixed: + MFSA 2010-48 Dangling pointer crash regression from plugin parameter array fix + MFSA 2010-47 Cross-origin data leakage from script filename in error messages + MFSA 2010-46 Cross-domain data theft using CSS + MFSA 2010-45 Multiple location bar spoofing vulnerabilities + MFSA 2010-44 Characters mapped to U+FFFD in 8 bit encodings cause subsequent character to vanish + MFSA 2010-43 Same-origin bypass using canvas context + MFSA 2010-42 Cross-origin data disclosure via Web Workers and importScripts + MFSA 2010-41 Remote code execution using malformed PNG image + MFSA 2010-40 nsTreeSelection dangling pointer remote code execution vulnerability + MFSA 2010-39 nsCSSValue::Array index integer overflow + MFSA 2010-38 Arbitrary code execution using SJOW and fast native function + MFSA 2010-37 Plugin parameter EnsureCachedAttrParamArrays remote code execution vulnerability + MFSA 2010-36 Use-after-free error in NodeIterator + MFSA 2010-35 DOM attribute cloning remote code execution vulnerability + MFSA 2010-34 Miscellaneous memory safety hazards (rv:1.9.2.7/ 1.9.1.11) * Sun Jun 27 2010 Alexey Gladkov <legion@altlinux> 3.6.6-alt1.20100626 - New release (3.6.6). - Fixed: + MFSA 2010-33 User tracking across sites using Math.random() + MFSA 2010-32 Content-Disposition: attachment ignored if Content-Type: multipart also present + MFSA 2010-31 focus() behavior can be used to inject or steal keystrokes + MFSA 2010-30 Integer Overflow in XSLT Node Sorting + MFSA 2010-29 Heap buffer overflow in nsGenericDOMDataNode::SetTextInternal + MFSA 2010-28 Freed object reuse across plugin instances + MFSA 2010-26 Crashes with evidence of memory corruption (rv:1.9.2.4/ 1.9.1.10) 112045 5 oddity 2010-09-10 00:04:58 +0400 По иронии судьбы вышла уже 3.6.9 версия с новыми критическими исправлениями :) 112060 6 dkoryavov 2010-09-10 14:08:42 +0400 Так же, у 3.6 проблемы - после некоторого времени использования на p5, почему-то перестает реагировать главное меню (вернее реагирует но с задержкой 5-10 секунд и сам firefox ооочень тормозит). Иногда, проявляется сразу, иногда, через неделю использования. 112217 7 repository-robot 2010-09-16 15:26:37 +0400 firefox-3.6-3.6.9-alt0.20100725.M50P.1 -> 5.1: * Mon Sep 06 2010 Andrey Cherepanov <cas@altlinux> 3.6.9-alt0.20100725.M50P.1 - backport to p5 branch (new version with security fixes) (closes: #23809) * Thu Jul 29 2010 Alexey Gladkov <legion@altlinux> 3.6.9-alt1.20100725 - New release (3.6.8). - Fixed: + MFSA 2010-48 Dangling pointer crash regression from plugin parameter array fix + MFSA 2010-47 Cross-origin data leakage from script filename in error messages + MFSA 2010-46 Cross-domain data theft using CSS + MFSA 2010-45 Multiple location bar spoofing vulnerabilities + MFSA 2010-44 Characters mapped to U+FFFD in 8 bit encodings cause subsequent character to vanish + MFSA 2010-43 Same-origin bypass using canvas context + MFSA 2010-42 Cross-origin data disclosure via Web Workers and importScripts + MFSA 2010-41 Remote code execution using malformed PNG image + MFSA 2010-40 nsTreeSelection dangling pointer remote code execution vulnerability + MFSA 2010-39 nsCSSValue::Array index integer overflow + MFSA 2010-38 Arbitrary code execution using SJOW and fast native function + MFSA 2010-37 Plugin parameter EnsureCachedAttrParamArrays remote code execution vulnerability + MFSA 2010-36 Use-after-free error in NodeIterator + MFSA 2010-35 DOM attribute cloning remote code execution vulnerability + MFSA 2010-34 Miscellaneous memory safety hazards (rv:1.9.2.7/ 1.9.1.11) * Sun Jun 27 2010 Alexey Gladkov <legion@altlinux> 3.6.6-alt1.20100626 - New release (3.6.6). - Fixed: + MFSA 2010-33 User tracking across sites using Math.random() + MFSA 2010-32 Content-Disposition: attachment ignored if Content-Type: multipart also present + MFSA 2010-31 focus() behavior can be used to inject or steal keystrokes + MFSA 2010-30 Integer Overflow in XSLT Node Sorting + MFSA 2010-29 Heap buffer overflow in nsGenericDOMDataNode::SetTextInternal + MFSA 2010-28 Freed object reuse across plugin instances + MFSA 2010-26 Crashes with evidence of memory corruption (rv:1.9.2.4/ 1.9.1.10)