sdkp2-gecko-sdkSecurity update for MozillaSecurity update for MozillaThis update backports lots of security fixes to
mozilla-xulrunner package of SLES 10.
It contains among others the following security fixes: MFSA
2008-45 / CVE-2008-4069: XBM image uninitialized memory
reading
MFSA 2008-44 / CVE-2008-4067 / CVE-2008-4068: resource:
traversal vulnerabilities
MFSA 2008-43: BOM characters stripped from JavaScript
before execution CVE-2008-4065: Stripped BOM characters bug
CVE-2008-4066: HTML escaped low surrogates bug
MFSA 2008-42 Crashes with evidence of memory corruption
(rv:1.9.0.2/1.8.1.17): CVE-2008-4061: Jesse Ruderman
reported a crash in the layout engine. CVE-2008-4062: Igor
Bukanov, Philip Taylor, Georgi Guninski, and Antoine Labour
reported crashes in the JavaScript engine. CVE-2008-4063:
Jesse Ruderman, Bob Clary, and Martijn Wargers reported
crashes in the layout engine which only affected Firefox 3.
CVE-2008-4064: David Maciejak and Drew Yao reported crashes
in graphics rendering which only affected Firefox 3.
MFSA 2008-41 Privilege escalation via XPCnativeWrapper
pollution CVE-2008-4058: XPCnativeWrapper pollution bugs
CVE-2008-4059: XPCnativeWrapper pollution (Firefox 2)
CVE-2008-4060: Documents without script handling objects
MFSA 2008-40 / CVE-2008-3837: Forced mouse drag
MFSA 2008-39 / CVE-2008-3836: Privilege escalation using
feed preview page and XSS flaw
MFSA 2008-38 / CVE-2008-3835:
nsXMLDocument::OnChannelRedirect() same-origin violation
MFSA 2008-37 / CVE-2008-0016: UTF-8 URL stack buffer
overflow
For more details:
http://www.mozilla.org/security/known-vulnerabilities/firefo
x20.html
This update backports lots of security fixes to
mozilla-xulrunner package of SLES 10.
It contains among others the following security fixes: MFSA
2008-45 / CVE-2008-4069: XBM image uninitialized memory
reading
MFSA 2008-44 / CVE-2008-4067 / CVE-2008-4068: resource:
traversal vulnerabilities
MFSA 2008-43: BOM characters stripped from JavaScript
before execution CVE-2008-4065: Stripped BOM characters bug
CVE-2008-4066: HTML escaped low surrogates bug
MFSA 2008-42 Crashes with evidence of memory corruption
(rv:1.9.0.2/1.8.1.17): CVE-2008-4061: Jesse Ruderman
reported a crash in the layout engine. CVE-2008-4062: Igor
Bukanov, Philip Taylor, Georgi Guninski, and Antoine Labour
reported crashes in the JavaScript engine. CVE-2008-4063:
Jesse Ruderman, Bob Clary, and Martijn Wargers reported
crashes in the layout engine which only affected Firefox 3.
CVE-2008-4064: David Maciejak and Drew Yao reported crashes
in graphics rendering which only affected Firefox 3.
MFSA 2008-41 Privilege escalation via XPCnativeWrapper
pollution CVE-2008-4058: XPCnativeWrapper pollution bugs
CVE-2008-4059: XPCnativeWrapper pollution (Firefox 2)
CVE-2008-4060: Documents without script handling objects
MFSA 2008-40 / CVE-2008-3837: Forced mouse drag
MFSA 2008-39 / CVE-2008-3836: Privilege escalation using
feed preview page and XSS flaw
MFSA 2008-38 / CVE-2008-3835:
nsXMLDocument::OnChannelRedirect() same-origin violation
MFSA 2008-37 / CVE-2008-0016: UTF-8 URL stack buffer
overflow
For more details:
http://www.mozilla.org/security/known-vulnerabilities/firefo
x20.html
securitygecko-sdki586a62a14020ca0174a1f761d479e39ced861cf1850