Fedora 7 Update: epiphany extensions-2.18.3-6
Summary
Epiphany Extensions is a collection of extensions for Epiphany, the
GNOME web browser.
Updated firefox packages that fix several security issues are now available for Fedora 7.
This update has been rated as having critical security impact by the Fedora Security Response Team.
Mozilla Firefox is an open source Web browser.
A cross-site scripting flaw was found in the way Firefox handled the jar: URI scheme. It was possible for a malicious website to leverage this flaw and conduct a cross-site scripting attack against a user running Firefox. (CVE-2007-5947)
Several flaws were found in the way Firefox processed certain malformed web content. A webpage containing malicious content could cause Firefox to crash, or potentially execute arbitrary code as the user running Firefox. (CVE-2007-5959)
A race condition existed when Firefox set the "window.location" property for a webpage. This flaw could allow a webpage to set an arbitrary Referer header, which may lead to a Cross-site Request Forgery (CSRF) attack against websites that rely only on the Referer header for protection. (CVE-2007-5960)
Users of Firefox are advised to upgrade to these updated packages, which contain backported patches to resolve these issues.
* Tue Nov 27 2007 Christopher Aillon
- Rebuild against newer gecko
* Tue Nov 6 2007 Peter Gordon
- Rebuild for new Gecko (Firefox 2.0.0.9)
* Sat Oct 20 2007 Peter Gordon
- Rebuild against new Gecko release (Firefox 2.0.0.8)
* Mon Jul 30 2007 Peter Gordon
- Add a patch from upstream SVN to fix GNOME bug 452119 (crash in the
filterset.g updater tool from the AdBlocker extension):
+ fix-adblock-filtersetg-updater.patch
* Wed Jul 18 2007 Peter Gordon
- Rebuild against new Gecko release (Firefox 2.0.0.5).
* Wed Jul 4 2007 Peter Gordon
- Update to new upstream release (2.18.3).
* Wed Jun 6 2007 Christopher Aillon
- Specfiles should _NOT_ call rpm directly. Fix the previous bug the
correct way, by doing explicit requires on the exact versions instead
of via rpm -q
* Tue Jun 5 2007 Peter Gordon
- Add %{_target_cpu} to versioned Firefox dependency to avoid multilib
updating issues such as bug 242318, wherein the 32-bit older Firefox build
matches the versioned dependency, but the updated 64-bit Firefox build
matches the 64-bit shared library dependencies. (Thanks to Frederik Hertzum
for the bug report.)
* Wed May 30 2007 Peter Gordon
- Update to new upstream bugfix release (2.18.2); and rebuild for newer
Firefox/Gecko version (2.0.0.4).
14f8a9fe377988dcce00679fc138bba83f2e983c epiphany-extensions-debuginfo-2.18.3-6.ppc64.rpm
05f827d4823898b47520ada2f1d32f23f5ff312a epiphany-extensions-2.18.3-6.ppc64.rpm
8c723b7fa53a4ddf6a51537a67dac645d70d7c17 epiphany-extensions-2.18.3-6.i386.rpm
34c56e296f026427d253ffb6e9d96bcd1f9631fe epiphany-extensions-debuginfo-2.18.3-6.i386.rpm
5721eb03256feae75343d6b139ffe79ab2ca38cf epiphany-extensions-2.18.3-6.x86_64.rpm
b12fd241545c7204297702ec7de3b440a556028f epiphany-extensions-debuginfo-2.18.3-6.x86_64.rpm
16064cc592b10f6fe2d0b0bac90783857afdaadf epiphany-extensions-debuginfo-2.18.3-6.ppc.rpm
759f98986ec9d6e79c9bc0c8c40d878751eed9a6 epiphany-extensions-2.18.3-6.ppc.rpm
9a51a6a0e5813ed561166b1cb54b19a1dafc40e2 epiphany-extensions-2.18.3-6.src.rpm
This update can be installed with the "yum" update program. Use
su -c 'yum update epiphany-extensions'
at the command line. For more information, refer to "Managing Software
with yum", available at .
Fedora-package-announce mailing list
Fedora-package-announce@redhat.com
http://www.redhat.com/mailman/listinfo/fedora-package-announce
FEDORA-2007-3952 2007-11-29 01:44:21.449766 Product : Fedora 7 Version : 2.18.3 Release : 6 URL : https://wiki.gnome.org/Apps Summary : Extensions for Epiphany, the GNOME web browser Description : Epiphany Extensions is a collection of extensions for Epiphany, the GNOME web browser. Updated firefox packages that fix several security issues are now available for Fedora 7. This update has been rated as having critical security impact by the Fedora Security Response Team. Mozilla Firefox is an open source Web browser. A cross-site scripting flaw was found in the way Firefox handled the jar: URI scheme. It was possible for a malicious website to leverage this flaw and conduct a cross-site scripting attack against a user running Firefox. (CVE-2007-5947) Several flaws were found in the way Firefox processed certain malformed web content. A webpage containing malicious content could cause Firefox to crash, or potentially execute arbitrary code as the user running Firefox. (CVE-2007-5959) A race condition existed when Firefox set the "window.location" property for a webpage. This flaw could allow a webpage to set an arbitrary Referer header, which may lead to a Cross-site Request Forgery (CSRF) attack against websites that rely only on the Referer header for protection. (CVE-2007-5960) Users of Firefox are advised to upgrade to these updated packages, which contain backported patches to resolve these issues. * Tue Nov 27 2007 Christopher Aillon - 2.18.3-6 - Rebuild against newer gecko * Tue Nov 6 2007 Peter Gordon - 2.18.3-5 - Rebuild for new Gecko (Firefox 2.0.0.9) * Sat Oct 20 2007 Peter Gordon - 2.18.3-4 - Rebuild against new Gecko release (Firefox 2.0.0.8) * Mon Jul 30 2007 Peter Gordon - 2.18.3-3 - Add a patch from upstream SVN to fix GNOME bug 452119 (crash in the filterset.g updater tool from the AdBlocker extension): + fix-adblock-filtersetg-updater.patch * Wed Jul 18 2007 Peter Gordon - 2.18.3-2 - Rebuild against new Gecko release (Firefox 2.0.0.5). * Wed Jul 4 2007 Peter Gordon - 2.18.3-1 - Update to new upstream release (2.18.3). * Wed Jun 6 2007 Christopher Aillon - 2.18.2-3 - Specfiles should _NOT_ call rpm directly. Fix the previous bug the correct way, by doing explicit requires on the exact versions instead of via rpm -q * Tue Jun 5 2007 Peter Gordon - 2.18.2-2 - Add %{_target_cpu} to versioned Firefox dependency to avoid multilib updating issues such as bug 242318, wherein the 32-bit older Firefox build matches the versioned dependency, but the updated 64-bit Firefox build matches the 64-bit shared library dependencies. (Thanks to Frederik Hertzum for the bug report.) * Wed May 30 2007 Peter Gordon - 2.18.2-1 - Update to new upstream bugfix release (2.18.2); and rebuild for newer Firefox/Gecko version (2.0.0.4). 14f8a9fe377988dcce00679fc138bba83f2e983c epiphany-extensions-debuginfo-2.18.3-6.ppc64.rpm 05f827d4823898b47520ada2f1d32f23f5ff312a epiphany-extensions-2.18.3-6.ppc64.rpm 8c723b7fa53a4ddf6a51537a67dac645d70d7c17 epiphany-extensions-2.18.3-6.i386.rpm 34c56e296f026427d253ffb6e9d96bcd1f9631fe epiphany-extensions-debuginfo-2.18.3-6.i386.rpm 5721eb03256feae75343d6b139ffe79ab2ca38cf epiphany-extensions-2.18.3-6.x86_64.rpm b12fd241545c7204297702ec7de3b440a556028f epiphany-extensions-debuginfo-2.18.3-6.x86_64.rpm 16064cc592b10f6fe2d0b0bac90783857afdaadf epiphany-extensions-debuginfo-2.18.3-6.ppc.rpm 759f98986ec9d6e79c9bc0c8c40d878751eed9a6 epiphany-extensions-2.18.3-6.ppc.rpm 9a51a6a0e5813ed561166b1cb54b19a1dafc40e2 epiphany-extensions-2.18.3-6.src.rpm This update can be installed with the "yum" update program. Use su -c 'yum update epiphany-extensions' at the command line. For more information, refer to "Managing Software with yum", available at . Fedora-package-announce mailing list Fedora-package-announce@redhat.com http://www.redhat.com/mailman/listinfo/fedora-package-announce
Change Log
References
Update Instructions
