Subject: CVS commit: pkgsrc/www/firefox
To: None <pkgsrc-changes@NetBSD.org>
From: Shin'ichiro TAYA <taya@netbsd.org>
List: pkgsrc-changes
Date: 04/17/2005 02:19:39
Module Name:	pkgsrc
Committed By:	taya
Date:		Sun Apr 17 02:19:39 UTC 2005

Modified Files:
	pkgsrc/www/firefox: Makefile-firefox.common distinfo
Removed Files:
	pkgsrc/www/firefox/patches: patch-bugzilla288688

Log Message:
Update firefox & firefox-gtk1 to 1.0.3.

This is a security fix release.
Fixed vulnerabilities are follows:

MFSA 2005-33  Javascript "lambda" replace exposes memory contents
MFSA 2005-34 javascript: PLUGINSPAGE code execution
MFSA 2005-35 Showing blocked javascript: popup uses wrong privilege context
MFSA 2005-36 Cross-site scripting through global scope pollution
MFSA 2005-37 Code execution through javascript: favicons
MFSA 2005-38 Search plugin cross-site scripting
MFSA 2005-39 Arbitrary code execution from Firefox sidebar panel II
MFSA 2005-40 Missing Install object instance checks
MFSA 2005-41 Privilege escalation via DOM property overrides


To generate a diff of this commit:
cvs rdiff -r1.14 -r1.15 pkgsrc/www/firefox/Makefile-firefox.common
cvs rdiff -r1.27 -r1.28 pkgsrc/www/firefox/distinfo
cvs rdiff -r1.1 -r0 pkgsrc/www/firefox/patches/patch-bugzilla288688

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.