Changelog:
Fixed in Firefox ESR 10.0.9
MFSA 2012-89 defaultValue security checks not applied
Fixed in Firefox ESR 10.0.8
MFSA 2012-87 Use-after-free in the IME State Manager
MFSA 2012-86 Heap memory corruption issues found using Address Sanitizer
MFSA 2012-85 Use-after-free, buffer overflow, and out of bounds read issues found using Address Sanitizer
MFSA 2012-84 Spoofing and script injection through location.hash
MFSA 2012-83 Chrome Object Wrapper (COW) does not disallow acces to privileged functions or properties
MFSA 2012-82 top object and location property accessible by plugins
MFSA 2012-81 GetProperty function can bypass security checks
MFSA 2012-79 DOS and crash with full screen and history navigation
MFSA 2012-77 Some DOMWindowUtils methods bypass security checks
MFSA 2012-74 Miscellaneous memory safety hazards (rv:16.0/ rv:10.0.8)
MFSA 2012-59 Location object can be shadowed using Object.defineProperty
Changelog:
FIXED Security fixes can be found here
FIXED Stability fixes can be found here
FIXED Contenteditable breaks middle-click to open links (674770)
FIXED Allow specifying wildcard that matches all simple netbiosnames in network.automatic-ntlm-auth.trusted-uris (452781)
Fixed in Firefox ESR 10.0.7
MFSA 2012-72 Web console eval capable of executing chrome-privileged code
MFSA 2012-70 Location object security checks bypassed by chrome code
MFSA 2012-69 Incorrect site SSL certificate data display
MFSA 2012-67 Installer will launch incorrect executable following new installation
MFSA 2012-65 Out-of-bounds read in format-number in XSLT
MFSA 2012-63 SVG buffer overflow and use-after-free issues
MFSA 2012-62 WebGL use-after-free and memory corruption
MFSA 2012-61 Memory corruption with bitmap format images with negative height
MFSA 2012-58 Use-after-free issues found using Address Sanitizer
MFSA 2012-57 Miscellaneous memory safety hazards (rv:15.0/ rv:10.0.7)
Changelog:
* Security fixes can be found
https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html
MFSA 2012-40 Buffer overflow and use-after-free issues found using Address Sanitizer
MFSA 2012-39 NSS parsing errors with zero length items
MFSA 2012-38 Use-after-free while replacing/inserting a node in a document
MFSA 2012-37 Information disclosure though Windows file shares and shortcut files
MFSA 2012-36 Content Security Policy inline-script bypass
MFSA 2012-34 Miscellaneous memory safety hazards
* 10.5 Firefox top crash with signature [@ GLEngine@0x620cf ] (734848)
Patches from Bernd Ernesti on pkgsrc-users.
Changelog:
The following problems are fixed.
* Security fixes
* extensions.checkCompatibility.* prefs didn't work as expected
in ESR releases (734848)
* Firefox ESR 10.0.3 opened "Whats New" page after update (737535)
