xulrunner

xulrunner 1.9.2.19

XUL Runtime for Gecko Applications

http://mozilla.org

Packager: Pardus

License: MPL-1.1

Binary packages

xulrunner
xulrunner-devel

Release history

Release | Release date | Version | Updater | Comment
42 | 2011-08-03 | 1.9.2.19 | Gökçen Eraslan | Version bump to latest security update:
* Cookie isolation error
* Multiple dangling pointer vulnerabilities
* Integer overflow and arbitrary code execution in Array.reduceRight()
* Memory corruption due to multipart/x-mixed-replace images
* Use-after-free vulnerability when viewing XUL document with script disabled
* Miscellaneous memory safety hazards
* XSLT generate-id() function heap address leak
* Directory traversal in resource: protocol
* Escalation of privilege through Java Embedding Plugin
* Information stealing via form history
* Multiple dangling pointer vulnerabilities
* Miscellaneous memory safety hazards
41 | 2011-03-27 | 1.9.2.16 | Gökçen Eraslan | * Firefox 3.6.16 blacklists a few invalid HTTPS certificates.
40 | 2011-03-11 | 1.9.2.15 | Gökçen Eraslan | * CSRF risk with plugins and 307 redirects
* Crash caused by corrupted JPEG image
* ParanoidFragmentSink allows javascript: URLs in chrome documents
* Use-after-free error using Web Workers
* Buffer overflow in JavaScript atom map
* Buffer overflow in JavaScript upvarMap
* Use-after-free error in JSON.stringify
* Recursive eval call causes confirm dialogs to evaluate to true
* Miscellaneous memory safety hazards
* Fixed several stability issues.
* Fixed an issue where some Java applets would fail to load in Firefox 3.6.14
39 | 2011-01-29 | 1.9.2.13 | Gökçen Eraslan | * Mark /etc/gre.d as data instead of config to prevent bugs like #16343.
* Add COMAR postinstall to register Xulrunner globally.
38 | 2010-12-11 | 1.9.2.13 | Gökçen Eraslan | Bump to latest security release to fix several security issues, #15557:
* XSS hazard in multiple character encodings
* Location bar SSL spoofing using network error page
* Incomplete fix for CVE-2010-0179
* Integer overflow vulnerability in NewIdArray
* Use-after-free error with nsDOMAttribute MutationObserver
* Java security bypass from LiveConnect loaded via data: URL meta refresh
* Add support for OTS font sanitizer
* Crash and remote code execution using HTML tags inside a XUL tree
* Chrome privilege escalation with window.open and isindex element
* Buffer overflow while line breaking after document.write with long string
* Miscellaneous memory safety hazards
37 | 2010-10-28 | 1.9.2.12 | Gökçen Eraslan | Bump to latest security release to fix CVE-2010-3765:
* Interleaving document.write and appendChild can lead to duplicate text frames and overrunning of text run buffers.
36 | 2010-10-20 | 1.9.2.11 | Gökçen Eraslan | MFSA 2010-72 Insecure Diffie-Hellman key exchange
MFSA 2010-71 Unsafe library loading vulnerabilities
MFSA 2010-70 SSL wildcard certificate matching IP addresses
MFSA 2010-69 Cross-site information disclosure via modal calls
MFSA 2010-68 XSS in gopher parser when parsing hrefs
MFSA 2010-67 Dangling pointer vulnerability in LookupGetterOrSetter
MFSA 2010-66 Use-after-free error in nsBarProp
MFSA 2010-65 Buffer overflow and memory corruption using document.write
MFSA 2010-64 Miscellaneous memory safety hazards (rv:1.9.2.11/ 1.9.1.14)
35 | 2010-09-15 | 1.9.2.9 | Gökçen Eraslan | - Version bump to new release:
* Introduced support for the X-FRAME-OPTIONS HTTP response
header. Site owners can use this to mitigate clickjacking
attacks by ensuring that their content is not embedded
into other sites.
* Fixed several security issues.
* Fixed several stability issues.
34 | 2010-08-05 | 1.9.2.8 | Gökçen Eraslan | - Version bump to new release:
* Dangling pointer crash regression from plugin parameter array fix
* Cross-origin data leakage from script filename in error messages
* Cross-domain data theft using CSS
* Multiple location bar spoofing vulnerabilities
* Characters mapped to U+FFFD in 8 bit encodings cause subsequent character to vanish
* Same-origin bypass using canvas context
* Cross-origin data disclosure via Web Workers and importScripts
* Remote code execution using malformed PNG image
* nsTreeSelection dangling pointer remote code execution vulnerability
* nsCSSValue::Array index integer overflow
* Arbitrary code execution using SJOW and fast native function
* Plugin parameter EnsureCachedAttrParamArrays remote code execution vulnerability
* Use-after-free error in NodeIterator
* DOM attribute cloning remote code execution vulnerability
* Miscellaneous memory safety hazards (rv:1.9.2.7/ 1.9.1.11)
33 | 2010-06-29 | 1.9.2.6 | Gökçen Eraslan | Version bump to new release which just increases hang detector timeout (http://www.mozilla.com/en-US/firefox/3.6.6/releasenotes/)
32 | 2010-06-18 | 1.9.2.4 | Gökçen Eraslan | - Version bump to new release:
* Firefox 3.6.4 provides uninterrupted browsing for
Linux users when there is a crash in plugins.
* Fixed several security issues.
* Fixed several stability issues.
31 | 2010-04-21 | 1.9.2.3 | Gökçen Eraslan | Version bump to new release. Also change Xulrunner path as xulrunner-1.9.x instead of xulrunner-1.9.
30 | 2010-04-01 | 1.9.2.2 | Gökçen Eraslan | Version bump to new security release. reverseDependencyUpdate is added since 1.9.2 series breaks API/ABI.
29 | 2010-04-01 | 1.9.2 | Gökçen Eraslan | Version bump to new release.
28 | 2010-03-30 | 1.9.1.9 | Gökçen Eraslan | Bump to new security release.
27 | 2010-02-23 | 1.9.1.8 | Gökçen Eraslan | Bump to new security release (#12316):
* XSS hazard using SVG document and binary Content-Type
* XSS due to window.dialogArguments being readable cross-domain
* Use-after-free crash in HTML parser
* Web Worker Array Handling Heap Corruption Vulnerability
* Crashes with evidence of memory corruption (rv:1.9.1.8/ 1.9.0.18)
26 | 2010-01-07 | 1.9.1.7 | Gökçen Eraslan | Version bump to new stability release:
* DNS resolution in MakeSN of nsAuthSSPI causing issues for proxy servers that support NTLM auth
25 | 2009-12-14 | 1.9.1.6 | Onur Küçük | Depend strictly on new gtk2
24 | 2009-12-14 | 1.9.1.6 | Gökçen Eraslan | Version bump to latest bugfix release.
23 | 2009-10-30 | 1.9.1.4 | Gökçen Eraslan | Version bump to latest security release, #11473:
* MFSA 2009-64 Crashes with evidence of memory corruption (rv:1.9.1.4/ 1.9.0.15)
* MFSA 2009-63 Upgrade media libraries to fix memory safety bugs
* MFSA 2009-62 Download filename spoofing with RTL override
* MFSA 2009-61 Cross-origin data theft through document.getSelection()
* MFSA 2009-59 Heap buffer overflow in string to number conversion
* MFSA 2009-57 Chrome privilege escalation in XPCVariant::VariantDataToJS()
* MFSA 2009-56 Heap buffer overflow in GIF color map parser
* MFSA 2009-55 Crash in proxy auto-configuration regexp parsing
* MFSA 2009-54 Crash with recursive web-worker calls
* MFSA 2009-53 Local downloaded file tampering
* MFSA 2009-52 Form history vulnerable to stealing
22 | 2009-09-10 | 1.9.1.3 | Gökçen Eraslan | Version bump to latest security release, CVE-2009-3070, #11144.
21 | 2009-08-10 | 1.9.1.2 | Gökçen Eraslan | Version bump to latest security release.
20 | 2009-07-27 | 1.9.1.1 | Gökçen Eraslan | Add jemalloc fix from Mozilla bugzilla for Flash fullscreen crash bug.
19 | 2009-07-17 | 1.9.1.1 | Gökçen Eraslan | Remove postRemove script, it's very dangerous while using delta.
18 | 2009-07-17 | 1.9.1.1 | Gökçen Eraslan | Version bump to latest release
17 | 2009-07-17 | 1.9.1 | Ozan Çağlayan | Enable libgnomeui.
16 | 2009-06-30 | 1.9.1 | Gökçen Eraslan | Bump to 1.9.1 release.
15 | 2009-06-19 | 1.9.1_rc1 | Gökçen Eraslan | Keep debug symbols, we need them in debug packages.
14 | 2009-06-13 | 1.9.1_rc1 | Gökçen Eraslan | Version bump to 3.5rc1
13 | 2009-05-27 | 1.9.1_beta4 | Gökçen Eraslan | * Enable gnome-vfs to enable users to open downloaded files by double-clicking in Firefox.
* Switch to system cairo to partially fix font rendering problems of Firefox.
12 | 2009-05-26 | 1.9.1_beta4 | Gökçen Eraslan | Move spellchecking stuff from Firefox package to here.
11 | 2009-05-04 | 1.9.1_beta4 | Gökçen Eraslan | Switch to 1.9.1 branch which means Firefox 3.5
10 | 2009-04-30 | 1.9.0.10 | Gökçen Eraslan | Move sdk libraries to base package. Some applications need them.
9 | 2009-04-30 | 1.9.0.10 | Gökçen Eraslan | Version bump.
8 | 2009-04-27 | 1.9.0.9 | Gökçen Eraslan | Version bump.
7 | 2009-03-17 | 1.9.0.7 | Burak Çalışkan | Version bump.
6 | 2009-02-11 | 1.9.0.6 | Burak Çalışkan | Version bump.
5 | 2009-02-01 | 1.9.0.5 | Burak Çalışkan | - Fix wrong file permissions
- Add default nsplugin directory
4 | 2009-01-06 | 1.9.0.5 | Burak Çalışkan | Version bump.
3 | 2008-11-18 | 1.9.0.4 | Burak Çalışkan | Version bump.
2 | 2008-10-04 | 1.9.0.3 | Burak Çalışkan | Version bump.
1 | 2008-08-08 | 1.9.0.1 | Burak Çalışkan | First release.

Patches

xulrunner-version.patch
suse/mozilla-libproxy.patch
suse/mozilla-pkgconfig.patch
suse/mozilla-kde.patch
suse/mozilla-gconf-backend.patch
suse/gecko-lockdown.patch
suse/toolkit-ui-lockdown.patch
suse/mozilla-ua-locale-pref.patch
pardus/zemberek-firefox3.patch
pardus/autoconf-213-hack.diff
pardus/as-needed.diff
pardus/xulrunner-mozconfig.patch
pardus/pardus-nsplugin-path.patch
pardus/change-kmozillahelper-directory.diff
pardus/add-dbus-glib-library-linkage.diff