xulrunner

xulrunner 1.9.2.19

XUL Runtime for Gecko Applications

http://mozilla.org

Packager: Gökçen Eraslan

License: MPL-1.1

Actions

Build files

Bug reports

Binary packages

xulrunner
xulrunner-devel

Release history

ReleaseRelease dateVersionUpdaterComment
422011-08-031.9.2.19Gökçen EraslanVersion bump to latest security update:
* Cookie isolation error
* Multiple dangling pointer vulnerabilities
* Integer overflow and arbitrary code execution in Array.reduceRight()
* Memory corruption due to multipart/x-mixed-replace images
* Use-after-free vulnerability when viewing XUL document with script disabled
* Miscellaneous memory safety hazards
* XSLT generate-id() function heap address leak
* Directory traversal in resource: protocol
* Escalation of privilege through Java Embedding Plugin
* Information stealing via form history
* Multiple dangling pointer vulnerabilities
* Miscellaneous memory safety hazards
412011-03-271.9.2.16Gökçen Eraslan* Firefox 3.6.16 blacklists a few invalid HTTPS certificates.
402011-03-111.9.2.15Gökçen Eraslan* CSRF risk with plugins and 307 redirects
* Crash caused by corrupted JPEG image
* ParanoidFragmentSink allows javascript: URLs in chrome documents
* Use-after-free error using Web Workers
* Buffer overflow in JavaScript atom map
* Buffer overflow in JavaScript upvarMap
* Use-after-free error in JSON.stringify
* Recursive eval call causes confirm dialogs to evaluate to true
* Miscellaneous memory safety hazards
* Fixed several stability issues.
* Fixed an issue where some Java applets would fail to load in Firefox 3.6.14
392011-01-291.9.2.13Gökçen Eraslan* Mark /etc/gre.d as data instead of config to prevent bugs like #16343.
* Add COMAR postinstall to register Xulrunner globally.
382010-12-111.9.2.13Gökçen EraslanBump to latest security release to fix several security issues, #15557:
* XSS hazard in multiple character encodings
* Location bar SSL spoofing using network error page
* Incomplete fix for CVE-2010-0179
* Integer overflow vulnerability in NewIdArray
* Use-after-free error with nsDOMAttribute MutationObserver
* Java security bypass from LiveConnect loaded via data: URL meta refresh
* Add support for OTS font sanitizer
* Crash and remote code execution using HTML tags inside a XUL tree
* Chrome privilege escalation with window.open and isindex element
* Buffer overflow while line breaking after document.write with long string
* Miscellaneous memory safety hazards
372010-10-281.9.2.12Gökçen EraslanBump to latest security release to fix CVE-2010-3765:
* Interleaving document.write and appendChild can lead to duplicate text frames and overrunning of text run buffers.
362010-10-201.9.2.11Gökçen EraslanMFSA 2010-72 Insecure Diffie-Hellman key exchange
MFSA 2010-71 Unsafe library loading vulnerabilities
MFSA 2010-70 SSL wildcard certificate matching IP addresses
MFSA 2010-69 Cross-site information disclosure via modal calls
MFSA 2010-68 XSS in gopher parser when parsing hrefs
MFSA 2010-67 Dangling pointer vulnerability in LookupGetterOrSetter
MFSA 2010-66 Use-after-free error in nsBarProp
MFSA 2010-65 Buffer overflow and memory corruption using document.write
MFSA 2010-64 Miscellaneous memory safety hazards (rv:1.9.2.11/ 1.9.1.14)
352010-09-151.9.2.9Gökçen Eraslan- Version bump to new release:
* Introduced support for the X-FRAME-OPTIONS HTTP response
header. Site owners can use this to mitigate clickjacking
attacks by ensuring that their content is not embedded
into other sites.
* Fixed several security issues.
* Fixed several stability issues.
342010-08-051.9.2.8Gökçen Eraslan- Version bump to new release:
* Dangling pointer crash regression from plugin parameter array fix
* Cross-origin data leakage from script filename in error messages
* Cross-domain data theft using CSS
* Multiple location bar spoofing vulnerabilities
* Characters mapped to U+FFFD in 8 bit encodings cause subsequent character to vanish
* Same-origin bypass using canvas context
* Cross-origin data disclosure via Web Workers and importScripts
* Remote code execution using malformed PNG image
* nsTreeSelection dangling pointer remote code execution vulnerability
* nsCSSValue::Array index integer overflow
* Arbitrary code execution using SJOW and fast native function
* Plugin parameter EnsureCachedAttrParamArrays remote code execution vulnerability
* Use-after-free error in NodeIterator
* DOM attribute cloning remote code execution vulnerability
* Miscellaneous memory safety hazards (rv:1.9.2.7/ 1.9.1.11)
332010-06-291.9.2.6Gökçen EraslanVersion bump to new release which just increases hang detector timeout (http://www.mozilla.com/en-US/firefox/3.6.6/releasenotes/)
322010-06-181.9.2.4Gökçen Eraslan- Version bump to new release:
* Firefox 3.6.4 provides uninterrupted browsing for
Linux users when there is a crash in plugins.
* Fixed several security issues.
* Fixed several stability issues.
312010-04-211.9.2.3Gökçen EraslanVersion bump to new release. Also change Xulrunner path as xulrunner-1.9.x instead of xulrunner-1.9.
302010-04-011.9.2.2Gökçen EraslanVersion bump to new security release. reverseDependencyUpdate is added since 1.9.2 series breaks API/ABI.
292010-04-011.9.2Gökçen EraslanVersion bump to new release.
282010-03-301.9.1.9Gökçen EraslanBump to new security release.
272010-02-231.9.1.8Gökçen EraslanBump to new security release (#12316):
* XSS hazard using SVG document and binary Content-Type
* XSS due to window.dialogArguments being readable cross-domain
* Use-after-free crash in HTML parser
* Web Worker Array Handling Heap Corruption Vulnerability
* Crashes with evidence of memory corruption (rv:1.9.1.8/ 1.9.0.18)
262010-01-071.9.1.7Gökçen EraslanVersion bump to new stability release:
* DNS resolution in MakeSN of nsAuthSSPI causing issues for proxy servers that support NTLM auth
252009-12-141.9.1.6Onur KüçükDepend strictly on new gtk2
242009-12-141.9.1.6Gökçen EraslanVersion bump to latest bugfix release.
232009-10-301.9.1.4Gökçen EraslanVersion bump to latest security release, #11473:
* MFSA 2009-64 Crashes with evidence of memory corruption (rv:1.9.1.4/ 1.9.0.15)
* MFSA 2009-63 Upgrade media libraries to fix memory safety bugs
* MFSA 2009-62 Download filename spoofing with RTL override
* MFSA 2009-61 Cross-origin data theft through document.getSelection()
* MFSA 2009-59 Heap buffer overflow in string to number conversion
* MFSA 2009-57 Chrome privilege escalation in XPCVariant::VariantDataToJS()
* MFSA 2009-56 Heap buffer overflow in GIF color map parser
* MFSA 2009-55 Crash in proxy auto-configuration regexp parsing
* MFSA 2009-54 Crash with recursive web-worker calls
* MFSA 2009-53 Local downloaded file tampering
* MFSA 2009-52 Form history vulnerable to stealing
222009-09-101.9.1.3Gökçen EraslanVersion bump to latest security release, CVE-2009-3070, #11144.
212009-08-101.9.1.2Gökçen EraslanVersion bump to latest security release.
202009-07-271.9.1.1Gökçen EraslanAdd jemalloc fix from Mozilla bugzilla for Flash fullscreen crash bug.
192009-07-171.9.1.1Gökçen EraslanRemove postRemove script, it's very dangerous while using delta.
182009-07-171.9.1.1Gökçen EraslanVersion bump to latest release
172009-07-171.9.1Ozan ÇağlayanEnable libgnomeui.
162009-06-301.9.1Gökçen EraslanBump to 1.9.1 release.
152009-06-191.9.1_rc1Gökçen EraslanKeep debug symbols, we need them in debug packages.
142009-06-131.9.1_rc1Gökçen EraslanVersion bump to 3.5rc1
132009-05-271.9.1_beta4Gökçen Eraslan* Enable gnome-vfs to enable users to open downloaded files by double-clicking in Firefox.
* Switch to system cairo to partially fix font rendering problems of Firefox.
122009-05-261.9.1_beta4Gökçen EraslanMove spellchecking stuff from Firefox package to here.
112009-05-041.9.1_beta4Gökçen EraslanSwitch to 1.9.1 branch which means Firefox 3.5
102009-04-301.9.0.10Gökçen EraslanMove sdk libraries to base package. Some appliactions need them.
92009-04-301.9.0.10Gökçen EraslanVersion bump.
82009-04-271.9.0.9Gökçen EraslanVersion bump.
72009-03-171.9.0.7Burak ÇalışkanVersion bump.
62009-02-111.9.0.6Burak ÇalışkanVersion bump.
52009-02-011.9.0.5Burak Çalışkan- Fix wrong file permissions
- Add default nsplugin directory
42009-01-061.9.0.5Burak ÇalışkanVersion bump.
32008-11-181.9.0.4Burak ÇalışkanVersion bump.
22008-10-041.9.0.3Burak ÇalışkanVersion bump.
12008-08-081.9.0.1Burak ÇalışkanFirst release.

Patches

xulrunner-version.patch
suse/mozilla-libproxy.patch
suse/mozilla-pkgconfig.patch
suse/mozilla-kde.patch
suse/mozilla-gconf-backend.patch
suse/gecko-lockdown.patch
suse/toolkit-ui-lockdown.patch
suse/mozilla-ua-locale-pref.patch
pardus/zemberek-firefox3.patch
pardus/autoconf-213-hack.diff
pardus/as-needed.diff
pardus/xulrunner-mozconfig.patch
pardus/pardus-nsplugin-path.patch
pardus/change-kmozillahelper-directory.diff
pardus/add-dbus-glib-library-linkage.diff