epiphanymozilla-xulrunner181: Security update to version 1.8.1.10mozilla-xulrunner181: Securityupdate auf Version 1.8.1.10This update brings the Mozilla XUL runner engine to
security update version 1.8.1.10
MFSA 2007-37 / CVE-2007-5947: The jar protocol handler in
Mozilla Firefox retrieves the inner URL regardless of its
MIME type, and considers HTML documents within a jar
archive to have the same origin as the inner URL, which
allows remote attackers to conduct cross-site scripting
(XSS) attacks via a jar: URI.
MFSA 2007-38 / CVE-2007-5959: The Firefox 2.0.0.10 update
contains fixes for three bugs that improve the stability of
the product. These crashes showed some evidence of memory
corruption under certain circumstances and we presume that
with enough effort at least some of these could be
exploited to run arbitrary code.
MFSA 2007-39 / CVE-2007-5960: Gregory Fleischer
demonstrated that it was possible to generate a fake HTTP
Referer header by exploiting a timing condition when
setting the window.location property. This could be used to
conduct a Cross-site Request Forgery (CSRF) attack against
websites that rely only on the Referer header as protection
against such attacks.
Die Mozilla XUL engine wurde auf Version 1.8.1.10 gebracht,
die folgende sicherheitsrelevante Fehler behebt
(aufgelistet auf englisch):
MFSA 2007-37 / CVE-2007-5947: The jar protocol handler in
Mozilla Firefox retrieves the inner URL regardless of its
MIME type, and considers HTML documents within a jar
archive to have the same origin as the inner URL, which
allows remote attackers to conduct cross-site scripting
(XSS) attacks via a jar: URI.
MFSA 2007-38 / CVE-2007-5959: The Firefox 2.0.0.10 update
contains fixes for three bugs that improve the stability of
the product. These crashes showed some evidence of memory
corruption under certain circumstances and we presume that
with enough effort at least some of these could be
exploited to run arbitrary code.
MFSA 2007-39 / CVE-2007-5960: Gregory Fleischer
demonstrated that it was possible to generate a fake HTTP
Referer header by exploiting a timing condition when
setting the window.location property. This could be used to
conduct a Cross-site Request Forgery (CSRF) attack against
websites that rely only on the Referer header as protection
against such attacks.
securityepiphanyi586106da083f6185025179e5ac4a8526f37aff9f62afecd6cf6a42d8a775aae3fcccc7956027a192d9bepiphanyppcc1a8130bb8969a272c29e0e71d98aaccfa583b25a8e9e4626886069e1a6fce32075d9e84c1b861a7epiphanyx86_648ac82f0a06b42ca46c5afd385f9ff0076c3aacaff21f8423e6e0601d2b43f67c29cf3852c073dfe9epiphany-develi586159e92938bd87aa213200171eba3bb59f7f87cb843558028875fb96c4eda6bedb19492d0942af2acepiphany-develppc2b2d9dbe1ef015d1df5fabe64feb6b43fe71140563507e4652070251436ad3e61b352ba02d010d55epiphany-develx86_64c0464ad5a48408104d3ed8dd5c34c031d44cf18388da84971a9ecdf95f33d579a3480040920150faepiphany-doci586943376566fa2f04dddfab27d42472f22600d588bepiphany-docppcc5c099deb760924022d5a1c78a526a5fa2238b9aepiphany-docx86_6401190dfb7b8a959116b6c502d5d2a8887a4d7b90epiphany-extensionsi586979e9e17b532cd21a2f9014462abc8b1a67d965a7053dc6d4d7cbcb0db7ef3b5088ca2b8e95b429depiphany-extensionsppcac9a525cf6c8b827d8da3ee2cdd636067e9242eff4409e74488189c2d860f07495ef886eb54a0f44epiphany-extensionsx86_6425272c6ba3b601d571f80e10cee6751a9961f3c68de708e7b341a72c6d5dbe595625cd0271b2fe8bepiphany-extensions-langi58654c33fd3695f84d0cc4e22f6b5baf0dca2ae2298e48867e865760593597f22a0aed05e50d0bf4027epiphany-extensions-langppcdd160aaf2454937679b813ad1f83c534c66e96088bb9a98c9ee60874a31db43b28e235fc6ae9505aepiphany-extensions-langx86_649d8e57d72a7d8023a9e533d227da0029292322e0ec6c28bae3f0899608bc47f8fedf997ac48e717cepiphany-langi5869d3139dbfe4bd587997ba99c115120cdc59ed285dcd630297a73bb09bb4bf7daf56ffae1bc167e15epiphany-langppc8e7a17f25451b4e08a11e39ad9a10c9687d0344834833c223e01146e837de991f6cd814ccf8da959epiphany-langx86_6436111c46c2925c92d2f22564edae00d4fb1871a6e64999bc9c665d62e3b487506af9cd81331f02c1mozilla-xulrunner181i58653440c0f4112fb6f1e8031c520812cf885203cc70e111cb0b8436768693d3e535f69e173f6d51ba8mozilla-xulrunner181ppc93f7f2914b49f255ca56b8df879236f0d16b8903d78e6973e5612eaa80e5641618afb78f4f730551mozilla-xulrunner181x86_649cfbcc8ff33eecdc30fb6c2a8dd9c164c515d7c1e625f0e9e36457291c1d256cb9b93ea1224d0e0fmozilla-xulrunner181-32bitx86_64e4cb7e2220d5185078357bc09e2360c5b0dd42d2mozilla-xulrunner181-64bitppc9c6cb94be716416f6469248872a075e2e0ea0f61mozilla-xulrunner181-develi5863a53449c18803ce29737b83327863c8bd98b8823f9e45fcc17f3755aa4a1da85510451979637ef56mozilla-xulrunner181-develppc0f2eb45a5ea572ff6075bf9a2ff3db2d4c455f9c3ec438c3efaf4d69722fc04884007b0e3cbf8a28mozilla-xulrunner181-develx86_64548aa18d9e0131c8b40e69f6b3754d836597960fb38b3fc82fad8330f3ecea15cdb282b7831eb2a2mozilla-xulrunner181-l10ni586676efc42bde8fbbce50751dd4b224790b7115063285230f6974f1cdd743a2a1c27ed38cfae8917f6mozilla-xulrunner181-l10nppc4ca2713150a815656f8a8acc81463f9a2ff1e52bmozilla-xulrunner181-l10nx86_64afe655bb5b12286b04b854e851bf9bc498a266731c59aea90313dd6188d9dc66442c8d98e96cf24a