-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2009-9505 2009-09-11 22:40:07 --------------------------------------------------------------------------------
Name : firefox Product : Fedora 11 Version : 3.5.3 Release : 1.fc11 URL : http://www.mozilla.org/projects/firefox/ Summary : Mozilla Firefox Web browser Description : Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability. -------------------------------------------------------------------------------- Update Information: Update to new upstream Firefox version 3.5.3, fixing multiple security issues detailed in the upstream advisories: http://www.mozilla.org/security/known- vulnerabilities/firefox35.html#firefox3.5.3 Update also includes all packages depending on gecko-libs rebuilt against new version of Firefox / XULRunner. -------------------------------------------------------------------------------- ChangeLog: * Mon Sep 7 2009 Jan Horak <jho...@redhat.com> - 3.5.3-1 - Updated to 3.5.3. * Thu Aug 6 2009 Martin Stransky <stran...@redhat.com> - 3.5.2-3 - Fix for #437596 - Firefox needs to register proper name for session restore. * Mon Aug 3 2009 Martin Stransky <stran...@redhat.com> - 3.5.2-2 - Updated to 3.5.2. * Fri Jul 24 2009 Jan Horak <jho...@redhat.com> - 3.5.1-3 - Adjust icons cache update according to template * Wed Jul 22 2009 Jan Horak <jho...@redhat.com> - 3.5.1-2 - New icons fixed * Fri Jul 17 2009 Martin Stransky <stran...@redhat.com> - 3.5.1-1 - Updated to 3.5.1. * Tue Jul 7 2009 Jan Horak <jho...@redhat.com> - 3.5-2 - Updated icon * Tue Jun 30 2009 Christopher Aillon <cail...@redhat.com> - 3.5-1 - Firefox 3.5 final release * Tue May 26 2009 Martin Stransky <stran...@redhat.com> - 3.5-0.21 - fix for #502541 - Firefox version should depend on Xulrunner but does not -------------------------------------------------------------------------------- References: [ 1 ] Bug #521684 - CVE-2009-3069 Firefox 3.5 browser engine crashes https://bugzilla.redhat.com/show_bug.cgi?id=521684 [ 2 ] Bug #521686 - CVE-2009-3070 Firefox 3.5 3.0.14 browser engine crashes https://bugzilla.redhat.com/show_bug.cgi?id=521686 [ 3 ] Bug #521687 - CVE-2009-3071 Firefox 3.5.2 3.0.14 browser engine crashes https://bugzilla.redhat.com/show_bug.cgi?id=521687 [ 4 ] Bug #521688 - CVE-2009-3072 Firefox 3.5.3 3.0.14 browser engine crashes https://bugzilla.redhat.com/show_bug.cgi?id=521688 [ 5 ] Bug #521689 - CVE-2009-3073 Firefox 3.5 JavaScript engine crashes https://bugzilla.redhat.com/show_bug.cgi?id=521689 [ 6 ] Bug #521690 - CVE-2009-3074 Firefox 3.5 3.0.14 JavaScript engine crashes https://bugzilla.redhat.com/show_bug.cgi?id=521690 [ 7 ] Bug #521691 - CVE-2009-3075 Firefox 3.5.2 3.0.14 JavaScript engine crashes https://bugzilla.redhat.com/show_bug.cgi?id=521691 [ 8 ] Bug #521693 - CVE-2009-3077 Firefox 3.5.3 3.0.14 TreeColumns dangling pointer vulnerability https://bugzilla.redhat.com/show_bug.cgi?id=521693 [ 9 ] Bug #521694 - CVE-2009-3078 Firefox 3.5.3 3.0.14 Location bar spoofing via tall line-height Unicode characters https://bugzilla.redhat.com/show_bug.cgi?id=521694 [ 10 ] Bug #521695 - CVE-2009-3079 Firefox 3.5.3 3.0.14 Chrome privilege escalation with FeedWriter https://bugzilla.redhat.com/show_bug.cgi?id=521695 -------------------------------------------------------------------------------- This update can be installed with the "yum" update program. Use su -c 'yum update firefox' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/. All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at http://fedoraproject.org/keys -------------------------------------------------------------------------------- _______________________________________________ Fedora-package-announce mailing list Fedora-package-announce@redhat.com http://www.redhat.com/mailman/listinfo/fedora-package-announce