Re: Firefox at 3.6.7 that has known security bugs, all the while 3 newer versions where released in 54 days.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Mon, 2010-09-20 at 15:28 +0200, Bram_Gro wrote:
> On 09/20/2010 02:47 PM, Ankur Sinha wrote:
> > On Mon, 2010-09-20 at 14:30 +0200, Bram_Gro wrote:
> >> On 09/20/2010 01:34 PM, Ankur Sinha wrote:
> >>> On Mon, 2010-09-20 at 13:19 +0200, Bram_Gro wrote:
> >>>> We are stuck with Firefox at 3.6.7 that has known security bugs,  all
> >>>> the while 3 newer versions where released in 54 days.
> >>>>
> >>>>
> >>>> v.3.6.10, released September 15th:
> >>>>
> >>>> Fixed a single stability issue affecting a limited number of users
> >>>>
> >>>> v.3.6.9, released September 7th, 2010
> >>>>
> >>>> MFSA 2010-63 Information leak via XMLHttpRequest statusText
> >>>> MFSA 2010-62 Copy-and-paste or drag-and-drop into designMode document
> >>>> allows XSS
> >>>> MFSA 2010-61 UTF-7 XSS by overriding document charset using<object>
> >>>> type attribute
> >>>> MFSA 2010-59 SJOW creates scope chains ending in outer object
> >>>> MFSA 2010-58 Crash on Mac using fuzzed font in data: URL
> >>>> MFSA 2010-57 Crash and remote code execution in normalizeDocument
> >>>> MFSA 2010-56 Dangling pointer vulnerability in nsTreeContentView
> >>>> MFSA 2010-55 XUL tree removal crash and remote code execution
> >>>> MFSA 2010-54 Dangling pointer vulnerability in nsTreeSelection
> >>>> MFSA 2010-53 Heap buffer overflow in nsTextFrameUtils::TransformText
> >>>> MFSA 2010-52 Windows XP DLL loading vulnerability
> >>>> MFSA 2010-51 Dangling pointer vulnerability using DOM plugin array
> >>>> MFSA 2010-50 Frameset integer overflow vulnerability
> >>>> MFSA 2010-49 Miscellaneous memory safety hazards (rv:1.9.2.9/ 1.9.1.12)
> >>>>
> >>>> v.3.6.8, released July 23rd, 2010
> >>>>
> >>>> MFSA 2010-48 Dangling pointer crash regression from plugin parameter
> >>>> array fix
> >>>>
> >>>>
> >>>> This should be  promptly corrected!
> >>>>
> >>>
> >>> I can see a build in koji for it[1]. Please file a bug requesting the
> >>> maintainer to submit the build as an update. For some reason, the build
> >>> has not been submitted to testing.
> >>>
> >>> [1]
> >>>> http://koji.fedoraproject.org/koji/packageinfo?packageID=37
> >>>
> >> I Get Error code: ssl_error_handshake_failure_alert when trying to
> >> create a account and login at http://koji.fedoraproject.org/koji/login
> >> to contact Xhorak, or for the general submittal of a update request.
> >>
> >
> > hi,
> >
> > you need to signup at bugzilla.redhat.com and submit a bug there.
> >
> 
> https://bugzilla.redhat.com/show_bug.cgi?id=635659 (priority should have 
> been urgent).
> 

Thank you for the bug report. 

-- 
Thanks!
Regards,
Ankur 

https://fedoraproject.org/wiki/User:Ankursinha

"FranciscoD"

-- 
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines


[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux