Subject: CVS commit: pkgsrc/www/mozilla-bin
To: None <>
From: Matthias Scheler <>
List: pkgsrc-changes
Date: 03/22/2005 09:57:55
Module Name:	pkgsrc
Committed By:	tron
Date:		Tue Mar 22 09:57:55 UTC 2005

Modified Files:
	pkgsrc/www/mozilla-bin: Makefile distinfo

Log Message:
Update "mozilla-bin" package to version 1.7.6. Besides various bug fixes
the following security issuses were fixed:

MFSA 2005-29 Internationalized Domain Name (IDN) homograph spoofing
MFSA 2005-28 Unsafe /tmp/plugtmp directory exploitable to erase user's files
MFSA 2005-27 Plugins can be used to load privileged content
MFSA 2005-26 Cross-site scripting by dropping javascript: link on tab
MFSA 2005-25 Image drag and drop executable spoofing
MFSA 2005-24 HTTP auth prompt tab spoofing
MFSA 2005-23 Download dialog source spoofing
MFSA 2005-21 Overwrite arbitrary files downloading .lnk twice
MFSA 2005-20 XSLT can include stylesheets from arbitrary hosts
MFSA 2005-18 Memory overwrite in string library
MFSA 2005-17 Install source spoofing with user:pass@host
MFSA 2005-16 Spoofing download and security dialogs with overlapping windows
MFSA 2005-15 Heap overflow possible in UTF8 to Unicode conversion
MFSA 2005-14 SSL "secure site" indicator spoofing
MFSA 2005-13 Window Injection Spoofing

Support for Solaris SPARC and x86 is not available due to lack of a
precompiled binary at this point of time.

To generate a diff of this commit:
cvs rdiff -r1.20 -r1.21 pkgsrc/www/mozilla-bin/Makefile
cvs rdiff -r1.12 -r1.13 pkgsrc/www/mozilla-bin/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.