Accepted firefox 1.5.dfsg+ (source)

Ubuntu Installer archive at
Thu Mar 1 07:57:23 GMT 2007

 OK: firefox_1.5.dfsg+
     -> Component: main Section: web
 OK: firefox_1.5.dfsg+

Hash: SHA1

Format: 1.7
Date: Wed, 21 Feb 2007 18:05:00 -0800
Source: firefox
Binary: libnspr4 firefox-dom-inspector firefox-dev mozilla-firefox mozilla-firefox-dev libnss3 libnspr-dev firefox-gnome-support firefox-dbg libnss-dev firefox
Architecture: source
Version: 1.5.dfsg+
Distribution: dapper-security
Urgency: low
Maintainer: Eric Dorland <eric at>
Changed-By: Alexander Sack <asac at>
 firefox    - lightweight web browser based on Mozilla
 firefox-dbg - Debugging information for firefox
 firefox-dev - Development files for Mozilla Firefox
 firefox-dom-inspector - tool for inspecting the DOM of pages in Mozilla Firefox
 firefox-gnome-support - Support for Gnome in Mozilla Firefox
 libnspr-dev - Netscape Portable Runtime library - development files
 libnspr4   - Netscape Portable Runtime Library
 libnss-dev - Network Security Service Libraries - development
 libnss3    - Network Security Service Libraries - runtime
 mozilla-firefox - Transition package for firefox rename
 mozilla-firefox-dev - dummy transitional package
 firefox (1.5.dfsg+ dapper-security; urgency=low
   * New upstream security update:
   * MFSA2007-01 - Crashes with evidence of memory corruption
      - CVE-2007-0775 - layout engine crashes
      - CVE-2007-0776 - SVG
      - CVE-2007-0777 - javascript engine corruption
   * MFSA2007-02 - Improvements to help protect against Cross-Site
     Scripting attacks:
      - CVE-2007-0995 - Invalid trailing characters in HTML tag attributes
      - CVE-2007-0996 - Child frame character set inheritance
      - CVE-2006-6077 - Injected password forms
   * MFSA2007-03 aka CVE-2007-0778: Information disclosure through cache
   * MFSA2007-04 aka CVE-2007-0779: Spoofing using custom cursor and CSS3
   * MFSA2007-05 aka CVE-2007-0780, CVE-2007-0800: XSS and local file access
     by opening blocked popups
   * MFSA2007-06 aka CVE-2007-0008, CVE-2007-0009: Mozilla Network Security
     Services (NSS) SSLv2 buffer overflow
   * MFSA2007-07 aka CVE-2007-0981: Embedded nulls in location.hostname
     confuse same-domain checks
   * security/nss/lib/freebl/unix_rand.c: dropping preprocessor condition
     as an equivalent check has been introduced upstream (#ifndef LINUX
     -> #ifdef DO_NETSTAT)
   * security/coreconf/ adapted patch to changed upstream code base
   * security/coreconf/ dropping ppc64 OS_TEST as it has been
     applied upstream
   * toolkit/components/passwordmgr/base/nsPasswordManager.cpp: adapting
     patch to updated code-base.
 1625dcf8053738851d0a2978b6f0e315 1120 web optional firefox_1.5.dfsg+
 396588ea856af87e8137682342648d1d 177547 web optional firefox_1.5.dfsg+

Version: GnuPG v1.4.6 (GNU/Linux)


More information about the dapper-changes mailing list