- Thu Apr 23 2009 Valery Inozemtsev <shrek@altlinux.ru> 3.0.9-alt0.M41.1
- build for branch 4.1
- Thu Apr 23 2009 Valery Inozemtsev <shrek@altlinux.ru> 3.0.9-alt1.M50.1
- 3.0.9
- Thu Apr 2 2009 Valery Inozemtsev <shrek@altlinux.ru> 3.0.8-alt0.M41.1
- build for branch 4.1
- Thu Apr 2 2009 Valery Inozemtsev <shrek@altlinux.ru> 3.0.8-alt1.M50.1
- 3.0.8
- Tue Nov 18 2008 Alexey Gladkov <legion@altlinux.ru> 3.0.4-alt1
- New release (3.0.4).
- Fixed:
+ MFSA 2008-58 Parsing error in E4X default namespace
+ MFSA 2008-57 -moz-binding property bypasses security checks on codebase principals
+ MFSA 2008-56 nsXMLHttpRequest::NotifyEventListeners() same-origin violation
+ MFSA 2008-55 Crash and remote code execution in nsFrameManager
+ MFSA 2008-54 Buffer overflow in http-index-format parser
+ MFSA 2008-53 XSS and JavaScript privilege escalation via session restore
+ MFSA 2008-52 Crashes with evidence of memory corruption (rv:1.9.0.4/1.8.1.18)
+ MFSA 2008-51 file: URIs inherit chrome privileges when opened from chrome
+ MFSA 2008-47 Information stealing via local shortcut files - Wed Oct 8 2008 Alexey Gladkov <legion@altlinux.ru> 3.0.3-alt1
- New release (3.0.3).
- Firefox set itself as default browser correctly (ALT#17384).
- Reload new plugins.
- Fixed:
+ MFSA 2008-44 resource: traversal vulnerabilities
+ MFSA 2008-43 BOM characters stripped from JavaScript before execution
+ MFSA 2008-42 Crashes with evidence of memory corruption (rv:1.9.0.2/1.8.1.17)
+ MFSA 2008-41 Privilege escalation via XPCnativeWrapper pollution
+ MFSA 2008-40 Forced mouse drag - Tue Sep 9 2008 Alexey Gladkov <legion@altlinux.ru> 3.0.1-alt2
- New bugfix build.
- Update desktop file (ALT#10558). - Fri Jul 18 2008 Alexey Gladkov <legion@altlinux.ru> 3.0.1-alt1
- New version (3.0.1).
- Fixed:
+ MFSA 2008-36 Crash with malformed GIF file on Mac OS X
+ MFSA 2008-35 Command-line URLs launch multiple tabs when Firefox not running
+ MFSA 2008-34 Remote code execution by overflowing CSS reference counter - Sun Jul 13 2008 Alexey Gladkov <legion@altlinux.ru> 3.0-alt2.20080704
- New bugfix build.
- Add searchplugins: bugzilla@altlinux, wikipedia-ru, yandex.
- Remove RPATH. - Fri Jul 4 2008 Alexey Gladkov <legion@altlinux.ru> 3.0-alt1.20080704
- New cvs snapshot 3.0 (20080704).
- Sat May 31 2008 Alexey Gladkov <legion@altlinux.ru> 3.0-alt1.20080530
- New cvs snapshot 20080530.
- Tue May 20 2008 Alexey Gladkov <legion@altlinux.ru> 3.0-alt1.20080519
- New cvs snapshot (3.0 rc1).
- Sun Feb 3 2008 Alexey Gladkov <legion@altlinux.ru> 3.0-alt1.b3pre
- New cvs snapshot.
- Thu Dec 20 2007 Alexey Gladkov <legion@altlinux.ru> 3.0.b2-alt1
- New major beta version 3.0.b2
- Wed Nov 28 2007 Alexey Gladkov <legion@altlinux.ru> 3.0.b1-alt1
- New major beta version 3.0.b1
- Sun Feb 25 2007 Alexey Gladkov <legion@altlinux.ru> 2.0.0.2-alt1
- New bugfix version 2.0.0.2
- Remove version from requires in *.pc.
- Fixed:
+ MFSA 2007-07 Embedded nulls in location.hostname confuse same-domain checks
+ MFSA 2007-06 Mozilla Network Security Services (NSS) SSLv2 buffer overflow
+ MFSA 2007-05 XSS and local file access by opening blocked popups
+ MFSA 2007-04 Spoofing using custom cursor and CSS3 hotspot
+ MFSA 2007-03 Information disclosure through cache collisions
+ MFSA 2007-02 Improvements to help protect against Cross-Site Scripting attacks
+ MFSA 2007-01 Crashes with evidence of memory corruption (rv:1.8.0.10/1.8.1.2) - Sun Jan 28 2007 Alexey Gladkov <legion@altlinux.ru> 2.0.0.1-alt1
- New minor version 2.0.0.1
- Fixed:
+ MFSA 2006-76 XSS using outer window's Function object
+ MFSA 2006-75 RSS Feed-preview referrer leak
+ MFSA 2006-73 Mozilla SVG Processing Remote Code Execution
+ MFSA 2006-72 XSS by setting img.src to javascript: URI
+ MFSA 2006-71 LiveConnect crash finalizing JS objects
+ MFSA 2006-70 Privilege escalation using watch point
+ MFSA 2006-69 CSS cursor image buffer overflow (Windows only)
+ MFSA 2006-68 Crashes with evidence of memory corruption (rv:1.8.0.9/1.8.1.1) - Thu Nov 23 2006 Alexey Gladkov <legion@altlinux.ru> 2.0-alt2
- Add %pre script.
- Remove version specific paths. - Sat Oct 28 2006 Alexey Gladkov <legion@altlinux.ru> 2.0-alt1
- New major version 2.0 .
- Don't build libxul.
- Add support for printing via Pango.
- Change printer paper size at A4.
- Check compatibility disabled.
- Patch disabling OS_TEST autoguessing for %ix86 builds on x86_64 host. - Fri Sep 15 2006 Alexey Gladkov <legion@altlinux.ru> 1.5.0.7-alt1
- New version 1.5.0.7 .
- Fixed:
+ MFSA 2006-64 Crashes with evidence of memory corruption (rv:1.8.0.7)
+ MFSA 2006-62 Popup-blocker cross-site scripting (XSS)
+ MFSA 2006-61 Frame spoofing using document.open()
+ MFSA 2006-60 RSA Signature Forgery
+ MFSA 2006-59 Concurrency-related vulnerability
+ MFSA 2006-58 Auto-Update compromise through DNS and SSL spoofing
+ MFSA 2006-57 JavaScript Regular Expression Heap Corruption - Wed Aug 30 2006 Alexey Gladkov <legion@altlinux.ru> 1.5.0.6-alt4
- Add libgtkembedmoz.so, firefox-gtkembedmoz.pc .
- Update BuildRequires. - Wed Aug 16 2006 Alexey Gladkov <legion@altlinux.ru> 1.5.0.6-alt3
- bugfix build.
- Patch to enable intl.locale.matchOS was removed.
- Added default download directory. - Wed Aug 9 2006 Alexey Gladkov <legion@altlinux.ru> 1.5.0.6-alt2
- bugfix build.
- Added patch to handle #9863 (history #4352). - Sat Aug 5 2006 Alexey Gladkov <legion@altlinux.ru> 1.5.0.6-alt1
- New version 1.5.0.6 .
- Fixed:
+ Fixed an issue with playing Windows Media content
+ MFSA 2006-56 chrome: scheme loading remote content
+ MFSA 2006-55 Crashes with evidence of memory corruption (rv:1.8.0.5)
+ MFSA 2006-54 XSS with XPCNativeWrapper(window).Function(...)
+ MFSA 2006-53 UniversalBrowserRead privilege escalation
+ MFSA 2006-52 PAC privilege escalation using Function.prototype.call
+ MFSA 2006-51 Privilege escalation using named-functions and redefined "new Object()"
+ MFSA 2006-50 JavaScript engine vulnerabilities
+ MFSA 2006-48 JavaScript new Function race condition
+ MFSA 2006-47 Native DOM methods can be hijacked across domains
+ MFSA 2006-46 Memory corruption with simultaneous events
+ MFSA 2006-45 Javascript navigator Object Vulnerability
+ MFSA 2006-44 Code execution through deleted frame reference - Thu Jun 8 2006 Alexey Gladkov <legion@altlinux.ru> 1.5.0.4-alt1
- New version.
- Fixed:
+ MFSA 2006-43 Privilege escalation using addSelectionListener
+ MFSA 2006-42 Web site XSS using BOM on UTF-8 pages
+ MFSA 2006-41 File stealing by changing input type (variant)
+ MFSA 2006-39 "View Image" local resource linking (Windows)
+ MFSA 2006-38 Buffer overflow in crypto.signText()
+ MFSA 2006-37 Remote compromise via content-defined setter on object prototypes
+ MFSA 2006-36 PLUGINSPAGE privileged JavaScript execution 2
+ MFSA 2006-35 Privilege escalation through XUL persist
+ MFSA 2006-34 XSS viewing javascript: frames or images from context menu
+ MFSA 2006-33 HTTP response smuggling
+ MFSA 2006-32 Fixes for crashes with potential memory corruption
+ MFSA 2006-31 EvalInSandbox escape (Proxy Autoconfig, Greasemonkey) - Fri May 12 2006 Alexey Gladkov <legion@altlinux.ru> 1.5.0.3-alt1
- New version.
- Build libxul library.
- Fixed:
+ MFSA 2006-30 Deleted object reference when designMode="on". - Wed Mar 15 2006 Alexey Gladkov <legion@altlinux.ru> 1.5.0.1-alt2
- bugfix build.
- include fix
- plugins directory fix; - Mon Feb 13 2006 Alexey Gladkov <legion@altlinux.ru> 1.5.0.1-alt1
- New version 1.5.0.1
- Buildrequires updated for xorg-7.0
- run-firefox script bugfix:
* usage update
* plugins search path (x86_64)
* unparseable commands handling
- bugfix: #7334, #7682, #8757, #8784, #9017 - Sun Dec 4 2005 Alexey Gladkov <legion@altlinux.ru> 1.5-alt1
- New version 1.5 .
- Spec cleanup.
- Build with external rpm-build-firefox .
- Build with system NSS and NSPR.
- Unused libraries removed.
- Rpm mascros bugfix.
* fix for new rpm.
* change extension installation sheme (again).
- Default preference tunning.
- Startup script rewritten. Now it is single script.
* command line shortcut added: altfaq:NUM .
- SVG support enabled.
- directory /usr/share/firefox-@version@/extensions was added to extensions search path .
* this location is controled by the option extensions.dir.extensions .
- Bug: #7682, #7801, #7856, #7949 fixed. - Tue Aug 16 2005 Alexey Gladkov <legion@altlinux.ru> 1.0.6-alt4
- major bugfix.
- build with official branding.
- x86_64 compatibility addon (patch20, patch21). - Sun Aug 7 2005 Alexey Gladkov <legion@altlinux.ru> 1.0.6-alt3
- release version.
- firsttime script added.
- SVG support disabled.
- Patch #2 bugfix (bug: #7682) - Sun Jul 24 2005 LAKostis <lakostis at altlinux.ru> 1.0.6-alt2.cvs
- fix -nox patch.
- add gssapi detection and build fixes from mhz@. - Tue Jul 19 2005 LAKostis <lakostis at altlinux.ru> 1.0.6-alt1.cvs
- new version from aviary branch fixing various bugs:
+ MFSA2005-54
+ Restore API compatibility for extensions and web applications
that did not work in Firefox 1.0.5. - Mon Jul 11 2005 LAKostis <lakostis at altlinux.ru> 1.0.5-alt2.cvs
- new version from aviary branch;
- Wed Jun 22 2005 LAKostis <lakostis at altlinux.ru> 1.0.5-alt1.cvs
- new version from aviary branch fixing various security bugs;
- fix: #4846, #5101, #7126 (legion).
- if_{with,without} debug - added (legion).
- keyword 'altbug:' added, patch2 updated (legion).
- postin/postun-scripts scripts bugfixes (legion).
- triggers added for trash cleanup (legion). - Mon Jun 20 2005 LAKostis <lakostis at altlinux.ru> 1.0.5-alt0.cvs
- new version from aviary branch;
- fix #6595;
- add switches for svg/xprint easy builds.
- update alt-prefs-tuning.patch (disable annoying default browser dialog). - Sun Jun 12 2005 LAKostis <lakostis at altlinux.ru> 1.0.4-alt1
- new version;
- SA15601 security fix;
- BuildRequires cleanup (remove xorg-x11-libs-static). - Thu Apr 21 2005 Alexey Gladkov <legion@altlinux.ru> 1.0.3-alt1
- new version;
- requires fix; - Wed Apr 13 2005 Alexey Gladkov <legion@altlinux.ru> 1.0.2-alt1
- new version;
- RPATH fix;
- NoX patch was rewritten; - Sun Mar 6 2005 Alexey Gladkov <legion@altlinux.ru> 1.0.1-alt2
- rpm macros was updated;
- Fri Feb 25 2005 Alexey Gladkov <legion@altlinux.ru> 1.0.1-alt1
- new version;
- patch9 was added (mozilla Bug #123315);
- patch10, patch11 was added (#6151); - Mon Feb 14 2005 Alexey Gladkov <legion@altlinux.ru> 1.0-alt7
- plugins path bugfix;
- svg support added;
- x86_64 compatibility added (thx mouse@); - Tue Feb 1 2005 Alexey Gladkov <legion@altlinux.ru> 1.0-alt6
- update patch firefox-1.0-20050201-alt-nox.patch
* uninstall-global-theme command-line option was added;
* update-register command-line option was added;
- firefox-1.0-alt-rpm-scripts.tar.bz2 bugfix; - Thu Jan 27 2005 Alexey Gladkov <legion@altlinux.ru> 1.0-alt5
- disable svg support becouse svg layout lead to segfault
when mozilla compile with gcc3.4 .
- search plugins was moved into the standalone rpm package. - Wed Jan 19 2005 Alexey Gladkov <legion@altlinux.ru> 1.0-alt4
- Rebuilt with libstdc++.so.6.
- Wed Jan 5 2005 Alexey Gladkov <legion@altlinux.ru> 1.0-alt3
- new version;
- browser-plugins-npapi support added;
- new icons default icons(thx shrek@);
- option uninstall-global-extension was fixed; - Wed Nov 3 2004 Alexey Gladkov <legion@altlinux.ru> 1.0-alt2.rc1
- extension sheme changes;
- postin/preun scripts chenges; - Mon Oct 18 2004 Alexey Gladkov <legion@altlinux.ru> 1.0-alt2.PR
- new default extensions added;
- protocol 'mailto' external handler added;
- firefox.macro changed;
- postun script changed;
- icons changed; - Thu Sep 30 2004 Alexey Gladkov <legion@altlinux.ru> 1.0-alt1.PR
- New version 1.0PR;
- New extension scheme;
- Add:
* New option 'run-without-x' added (mouse, legion);
* SVG support added;
* Certificate (ALT Linux CA Root) added;
* ALT Linux BTS search plugin added;
* RPATH added to all binary files;
- bug #4284 fixed; - Fri May 28 2004 Alexey Gladkov <legion@altlinux.ru> 0.8-alt4
- Move back some changes at alt3 build.
- Bug #4157 fixed. - Fri Apr 30 2004 Alexey Gladkov <legion@altlinux.ru> 0.8-alt3.1
- viewsource protocol was added.
- Thu Apr 29 2004 Alexey Gladkov <legion@altlinux.ru> 0.8-alt3
- Minimize buildin extensions;
- Disable debug output;
- Disable some options:
+ disable JavaScript debug library;
+ disable LDAP support;
+ disable logging facilities;
- Necko protocols cleanup; - Tue Feb 24 2004 Alexey Gladkov <legion@altlinux.ru> 0.8-alt2
- Splash screen added (thx sadist@);
- Search plugins added;
- Remove devel package Conflicts;
- Change rebuild-database.sh script. Script must be run only as root;
- Change locale hack. - Wed Feb 11 2004 Alexey Gladkov <legion@altlinux.ru> 0.8-alt1
- Mozilla Firebird becomes Mozilla Firefox. Mozilla's next
generation browser has changed names (again);
- New version; - Sun Jan 11 2004 Alexey Gladkov <legion@altlinux.ru> 0.7-alt2
- Spec changes.
- run-mozilla.sh script patch. - Tue Dec 30 2003 Alexey Gladkov <legion@altlinux.ru> 0.7-alt1
- first build for ALT Linux.
- rpm macro created.
- new scheme loading extensions added (thx force@)