Security fixes in this version:
MFSA 2007-17 XUL Popup Spoofing
MFSA 2007-16 XSS using addEventListener
MFSA 2007-14 Path Abuse in Cookies
MFSA 2007-13 Persistent Autocomplete Denial of Service
MFSA 2007-12 Crashes with evidence of memory corruption
For more info, see http://www.mozilla.com/en-US/firefox/2.0.0.4/releasenotes/
the exact names of the freebl libraries depends on the platform and they
have a habit of changing even on minor releases. This causes these mozilla
packages to be broken quite a lot on platforms other than NetBSD/i386.
Hopefully this fix will last longer than previous ones. pkgrevision bumps
all around.
Fixed in Firefox 1.5.0.10
MFSA 2007-07 Embedded nulls in location.hostname confuse same-domain checks
MFSA 2007-06 Mozilla Network Security Services (NSS) SSLv2 buffer overflow
MFSA 2007-05 XSS and local file access by opening blocked popups
MFSA 2007-04 Spoofing using custom cursor and CSS3 hotspot
MFSA 2007-03 Information disclosure through cache collisions
MFSA 2007-02 Improvements to help protect against Cross-Site Scripting attacks
MFSA 2007-01 Crashes with evidence of memory corruption (rv:1.8.0.10/1.8.1.2)
For more info, see http://www.mozilla.com/en-US/firefox/releases/1.5.0.10.html
two issues. The PLIST was incorrect and since the PLIST is used by
the "moz-install" script, anything missing from the PLIST is never
installed even when building from source. When libfreebl* were not
installed it caused the clients to fail to load the security component
and fail with "The browser failed to load its security component".
The second issue is that many installations of solaris-2.9 include
various glib/gtk/gnome libraries in /usr/lib. This causes failures
because the pkgsrc ones were used at link time and the /usr/lib ones
at run time. Work around this by setting a LD_LIBRARY_PATH that includes
the pkgsrc lib directory first.
pkgrevision bumps all around.
MFSA 2006-67 Running Script can be recompiled
MFSA 2006-66 RSA signature forgery (variant)
MFSA 2006-65 Crashes with evidence of memory corruption (rv:1.8.0.8)
For more info, see http://www.mozilla.com/en-US/firefox/releases/1.5.0.8.html
talking to ipv4 addresses using ipv6 addresses isn't allowed, which is
the default on NetBSD. Patch to use a v4 socket when talking to an ipv4
ldap server. Fixes my PR 33511.
seamonkey/firefox/sunbird have the same code so make the same patch.
OKed ghen. Bump PKGREVISION.
What's new:
* Improved stability.
* Improved support for Mac OS X.
* International Domain Name support for Iceland (.is) is now enabled.
* Fixes for several memory leaks.
* Several security enhancements.
For a more detailed list changes, see http://www.squarefree.com/burningedge/releases/1.5.0.1.html
Ok with wiz.
Including fix for long title & history file problem.
http://www.mozilla.org/security/history-title.htmlhttps://bugzilla.mozilla.org/show_bug.cgi?id=319004
What's New in Firefox 1.5
Firefox 1.5 is the next version of our award-winning Web browser.
Here's what's new in Firefox 1.5:
* Automated update to streamline product upgrades. Notification of an
update is more prominent, and updates to Firefox may now be half a
megabyte or smaller. Updating extensions has also improved.
* Faster browser navigation with improvements to back and forward
button performance.
* Drag and drop reordering for browser tabs.
* Improvements to popup blocking.
* Clear Private Data feature provides an easy way to quickly remove
personal data through a menu item or keyboard shortcut.
* Answers.com is added to the search engine list.
* Improvements to product usability including descriptive error pages,
redesigned options menu, RSS discovery, and "Safe Mode" experience.
* Better accessibility including support for DHTML accessibility and
assistive technologies such as the Window-Eyes 5.5 beta screen reader
for Microsoft Windows. Screen readers read aloud all available
information in applications and documents or show the information on a
Braille display, enabling blind and visually impaired users to use
equivalent software functionality as their sighted peers.
* Report a broken Web site wizard to report Web sites that are not
working in Firefox.
* Better support for Mac OS X (10.2 and greater) including profile
migration from Safari and Mac Internet Explorer.
* New support for Web Standards including SVG, CSS 2 and CSS 3, and
JavaScript 1.6.
* Many security enhancements.
The Burning Edge has more detailed lists of new features and notable bug fixes.
http://www.squarefree.com/burningedge/releases/1.5-comprehensive.html
version 1.0.6 include:
* Fix for a potential buffer overflow vulnerability when loading a
hostname with all soft-hyphens
* Fix to prevent URLs passed from external programs from being
parsed by the shell (Linux only)
* Fix to prevent a crash when loading a Proxy Auto-Config (PAC)
script that uses an "eval" statement
* Fix to restore InstallTrigger.getVersion() for Extension authors
* Other stability and security fixes
Approved by taya.
registration out of the installation step and into the INSTALL script.
Also, remove the registration commands from the PLIST as well. Putting
them into the INSTALL script allows for the same commands to be run
in the same way, so that there are fewer differences between installing
from source and installing from a binary package. Also, this makes
these packages pass CHECK_FILES=yes. Bump the PKGREVISION of firefox,
firefox-gtk1, mozilla, and mozilla-gtk2.
Also, include bsd.pkg.mk from the package Makefiles, not from within
Makefile.common. This is a style issue and allows for appending to
variables originally defined in Makefile.common from the package
Makefile.
NetBSD the thread safe resolver is only available on __NetBSD_Version__
>= 299000900. Fixes runtime usage on NetBSD 2.1. New Versions:
- firefox-1.0.6nb2
- firefox-gtk1-1.0.6nb2
- mozilla-1.7.11nb1
- mozilla-gtk2-1.7.11nb1
- thunderbird-1.0.6nb1
- thunderbird-gtk1-1.0.6nb1
a powerpc architecture (e.g. NetBSD-mapcppc). This cures display glitches
(e.g. text appearing at the wrong location). Bump package revision
because of this change.
And switched to use gtk2.
Changes from release notes:
* Improved stability
* International Domain Names are now displayed as punycode.
(To show International Domain Names in Unicode, set the
"network.IDN_show_punycode" preference to false.)
* Several security fixes.
MFSA 2005-29 Internationalized Domain Name (IDN) homograph spoofing
MFSA 2005-28 Unsafe /tmp/plugtmp directory exploitable to erase user's files
MFSA 2005-27 Plugins can be used to load privileged content
MFSA 2005-26 Cross-site scripting by dropping javascript: link on tab
MFSA 2005-25 Image drag and drop executable spoofing
MFSA 2005-24 HTTP auth prompt tab spoofing
MFSA 2005-23 Download dialog source spoofing
MFSA 2005-22 Download dialog spoofing using Content-Disposition header
MFSA 2005-21 Overwrite arbitrary files downloading .lnk twice
MFSA 2005-20 XSLT can include stylesheets from arbitrary hosts
MFSA 2005-19 Autocomplete data leak
MFSA 2005-18 Memory overwrite in string library
MFSA 2005-17 Install source spoofing with user:pass@host
MFSA 2005-16 Spoofing download and security dialogs with overlapping windows
MFSA 2005-15 Heap overflow possible in UTF8 to Unicode conversion
MFSA 2005-14 SSL "secure site" indicator spoofing
MFSA 2005-13 Window Injection Spoofing
From the article from mozillazine.org:
mozilla.org today released upgrades to both Firefox 0.9 (0.9.1) and
Thunderbird 0.7 (0.7.1) to fix some minor bugs present in both
releases. Both releases correct some flaws in the extension system
that some users may have been experiencing, as well as a new icon set
for the navigation toolbar on Windows and Linux in Firefox 0.9.1. All
users of both products should get this upgrade.
Here's what's new in this release of Firefox:
* New Default Theme
An updated Default Theme now presents a uniform appearance across all
three platforms - a new crisp, clear look for Windows
users. Finetuning for GNOME will follow in future releases.
* Comprehensive Data Migration
Switching to Firefox has never been easier now that Firefox imports
data like Favorites, History, Settings, Cookies and Passwords from
Internet Explorer. Firefox can also import from Mozilla 1.x, Netscape
4.x, 6.x and 7.x, and Opera. MacOS X and Linux migrators for browsers
like Safari, OmniWeb, Konqueror etc. will arrive in future releases.
* Extension/Theme Manager
New Extension and Theme Managers provide a convenient way to manage
and update your add-ons. SmartUpdate also notifies you of updates to
Firefox.
* Help
A new online help system is available.
* Lots of bug fixes and improvements
Copy Image, the ability to delete individual items from Autocomplete
lists, SMB/SFTP support on GNOME via gnome-vfs, better Bookmarks,
Search and many other refinements fine tune the browsing experience.
For Linux/GTK2 Users
* Look and Feel Updates
Ongoing improvements have been made to improve the way Firefox adheres
to your GTK2 themes, such as menus.
* Talkback for GTK2
Help us nail down crashes by submitting talkback reports with this
crash reporting tool.
in PR pkg/24603.
Mozilla Firefox is a free, open-source and cross-platform web browser
for Windows, Linux, MacOS X and many other operating systems. It is
small, fast and easy to use, and offers many advantages over other web
browsers, such as tabbed browsing and the ability to block pop-up
windows.
Firefox also offers excellent bookmark and history management, and it
can be extended by developers using industry standards such as XML,
CSS, JavaScript, C++, etc. Many extensions are available.
