Fixed in Firefox 1.5.0.10
MFSA 2007-07 Embedded nulls in location.hostname confuse same-domain checks
MFSA 2007-06 Mozilla Network Security Services (NSS) SSLv2 buffer overflow
MFSA 2007-05 XSS and local file access by opening blocked popups
MFSA 2007-04 Spoofing using custom cursor and CSS3 hotspot
MFSA 2007-03 Information disclosure through cache collisions
MFSA 2007-02 Improvements to help protect against Cross-Site Scripting attacks
MFSA 2007-01 Crashes with evidence of memory corruption (rv:1.8.0.10/1.8.1.2)
For more info, see http://www.mozilla.com/en-US/firefox/releases/1.5.0.10.html
MFSA 2006-75 RSS Feed-preview referrer leak
MFSA 2006-73 Mozilla SVG Processing Remote Code Execution
MFSA 2006-72 XSS by setting img.src to javascript: URI
MFSA 2006-71 LiveConnect crash finalizing JS objects
MFSA 2006-70 Privilege escallation using watch point
MFSA 2006-68 Crashes with evidence of memory corruption (rv:1.8.0.9/1.8.1.1)
For more info, see http://www.mozilla.com/en-US/firefox/releases/1.5.0.9.html
update firefox-bin and firefox2-bin to override MOZ_DIR to point
to the binary Linux distribution; kill their own MASTER_SITES
now firefox-bin and firefox2-bin automaticaly pick up mirror
changes in the master script
MFSA 2006-67 Running Script can be recompiled
MFSA 2006-66 RSA signature forgery (variant)
MFSA 2006-65 Crashes with evidence of memory corruption (rv:1.8.0.8)
For more info, see http://www.mozilla.com/en-US/firefox/releases/1.5.0.8.html
* Universal Binary support for Mac OS X which provides native support
for Macintosh with Intel Core processors. Firefox supports the
enhancements to performance introduced by the new MacIntel chipsets.
* Improvements to product stability.
* Several security fixes.
* Improved stability.
* Improved support for Mac OS X.
* International Domain Name support for Iceland (.is) is now enabled.
* Fixes for several memory leaks.
* Several security enhancements.
Changes:
- Automated update to streamline product upgrades. Notification of an
update is more prominent, and updates to Firefox may now be half a
megabyte or smaller. Updating extensions has also improved.
- Faster browser navigation with improvements to back and forward button
performance.
- Drag and drop reordering for browser tabs.
- Improvements to popup blocking.
- Clear Private Data feature provides an easy way to quickly remove
personal data through a menu item or keyboard shortcut.
- Answers.com is added to the search engine list.
- Improvements to product usability including descriptive error pages,
redesigned options menu, RSS discovery, and "Safe Mode" experience.
- Better accessibility including support for DHTML accessibility and
assistive technologies such as the Window-Eyes 5.5 beta screen reader
for Microsoft Windows. Screen readers read aloud all available
information in applications and documents or show the information on
a Braille display, enabling blind and visually impaired users to use
equivalent software functionality as their sighted peers.
- Report a broken Web site wizard to report Web sites that are not
working in Firefox.
- Better support for Mac OS X (10.2 and greater) including profile
migration from Safari and Mac Internet Explorer.
- New support for Web Standards including SVG, CSS 2 and CSS 3, and
JavaScript 1.6.
- Many security enhancements.
Full release notes: http://www.mozilla.com/firefox/releases/1.5.html
XXX: Solaris packages available, need work.
- Fix for a potential buffer overflow vulnerability when loading a
hostname with all soft-hyphens
- Fix to prevent URLs passed from external programs from being parsed
by the shell
- Fix to prevent a crash when loading a Proxy Auto-Config (PAC) script
that uses an "eval" statement
- Fix to restore InstallTrigger.getVersion() for Extension authors
- Other stability and security fixes
this release fixes the following security issues:
MFSA 2005-56 Code execution through shared function objects
MFSA 2005-55 XHTML node spoofing
MFSA 2005-54 Javascript prompt origin spoofing
MFSA 2005-53 Standalone applications can run arbitrary code through the browser
MFSA 2005-52 Same origin violation: frame calling top.focus()
MFSA 2005-51 The return of frame-injection spoofing
MFSA 2005-50 Possibly exploitable crash in InstallVersion.compareTo()
MFSA 2005-49 Script injection from Firefox sidebar panel using data:
MFSA 2005-48 Same-origin violation with InstallTrigger callback
MFSA 2005-47 Code execution via "Set as Wallpaper"
MFSA 2005-46 XBL scripts ran even when Javascript disabled
MFSA 2005-45 Content-generated event vulnerabilities
package to match.
There are no firefox gtk1 binary packages for linux any longer, so
no need to keep two different -bin packages around.
This way it also matches the non-bin firefox packages.
Notes:
* NetBSD-native version not available, this can be used only with
MOZILLA_USE_LINUX
* Linux sets MOZ_GTK2, gtk1-compiled version doesn't appear to be available
* Solaris not tested
Linux tested - there are no NetBSD builds so far and the Linux builds
require glibc-2.3 which isn't in pkgsrc so does not work out of the
box on NetBSD yet.
changes since 0.8 can be found at:
http://www.mozilla.org/products/firefox/releases/0.9.html
This is (right now) a Linux binary package.
Mozilla Firebird has been renamed to Firefox, and this package will
obsolete MozillaFirebird when Solaris and NetBSD builds become
available.
