-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2010-1936 2010-02-19 23:54:09 --------------------------------------------------------------------------------

Name : xulrunner Product : Fedora 11 Version : 1.9.1.8 Release : 1.fc11 URL : http://developer.mozilla.org/En/XULRunner Summary : XUL Runtime for Gecko Applications Description : XULRunner provides the XUL Runtime environment for Gecko applications.

-------------------------------------------------------------------------------- Update Information:

Update to new upstream Firefox version 3.5.8, fixing multiple security issues detailed in the upstream advisories: http://www.mozilla.org/security/known- vulnerabilities/firefox35.html#firefox3.5.8 -------------------------------------------------------------------------------- ChangeLog:

* Tue Feb 16 2010 Jan Horak jhorak@redhat.com - 1.9.1.8-1 - Update to 1.9.1.8 * Wed Dec 16 2009 Jan Horak jhorak@redhat.com - 1.9.1.6-1 - Update to 1.9.1.6 * Thu Nov 5 2009 Jan Horak jhorak@redhat.com - 1.9.1.5-1 - Update to 1.9.1.5 * Mon Oct 26 2009 Jan Horak jhorak@redhat.com - 1.9.1.4-1 - Update to 1.9.1.4 * Mon Sep 7 2009 Jan Horak jhorak@redhat.com - 1.9.1.3-1 - Update to 1.9.1.3 * Mon Aug 3 2009 Martin Stransky stransky@redhat.com 1.9.1.2-1 - Update to 1.9.1.2 * Fri Jul 17 2009 Martin Stransky stransky@redhat.com 1.9.1.1-1 - Update to 1.9.1.1 * Thu Jul 16 2009 Christopher Aillon caillon@redhat.com - 1.9.1-5 - Fix for milw0rm 9137 * Tue Jul 14 2009 Jan Horak jhorak@redhat.com - 1.9.1-4 - Fixed multilib issues * Tue Jul 7 2009 Jan Horak jhorak@redhat.com - 1.9.1-3 - Fixed wrong version of Firefox when loading 'about:' as location * Tue Jun 30 2009 Yanko Kaneti yaneti@declera.com - 1.9.1-2 - Build using system hunspell * Tue Jun 30 2009 Christopher Aillon caillon@redhat.com 1.9.1-1 - Update to 1.9.1 final release -------------------------------------------------------------------------------- References:

[ 1 ] Bug #566047 - CVE-2010-0159 Mozilla crashes with evidence of memory corruption (MFSA 2010-01) https://bugzilla.redhat.com/show_bug.cgi?id=566047 [ 2 ] Bug #566049 - CVE-2010-0160 Mozilla implementation of Web Workers can lead to crash with evidence of memory corruption (MFSA 2010-02) https://bugzilla.redhat.com/show_bug.cgi?id=566049 [ 3 ] Bug #566050 - CVE-2009-1571 Mozilla incorrectly frees used memory (MFSA 2010-03) https://bugzilla.redhat.com/show_bug.cgi?id=566050 [ 4 ] Bug #566051 - CVE-2009-3988 Mozilla violation of same-origin policy due to properties set on objects passed to showModalDialog (MFSA 2010-04) https://bugzilla.redhat.com/show_bug.cgi?id=566051 [ 5 ] Bug #566052 - CVE-2010-0162 Mozilla bypass of same-origin policy due to improper SVG document processing (MFSA 2010-05) https://bugzilla.redhat.com/show_bug.cgi?id=566052 --------------------------------------------------------------------------------

This update can be installed with the "yum" update program. Use su -c 'yum update xulrunner' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------