Fedora 9: 2009-3099 Critical: Kazehakase Memory Flaw and Code Exploit

Kazehakase is a Web browser which aims to provide

a user interface that is truly user-friendly & fully customizable.

This package uses Gecko for HTML rendering engine.

Mozilla Firefox is an open source Web browser. XULRunner provides the XUL

Runtime environment for Mozilla Firefox. A memory corruption flaw was

discovered in the way Firefox handles XML files containing an XSLT transform. A

remote attacker could use this flaw to crash Firefox or, potentially, execute

arbitrary code as the user running Firefox. (CVE-2009-1169) A flaw was

discovered in the way Firefox handles certain XUL garbage collection events. A

remote attacker could use this flaw to crash Firefox or, potentially, execute

arbitrary code as the user running Firefox. (CVE-2009-1044) This update also

provides depending packages rebuilt against new Firefox version. Miro updates

to upstream 2.0.3. Provides new features and fixes various bugs in 1.2.x series

* Fri Mar 27 2009 Christopher Aillon - 0.5.6-1.5

- Rebuild against newer gecko

* Fri Mar 6 2009 Jan Horak - 0.5.6-1.4

- Rebuild against newer gecko

* Wed Feb 4 2009 Christopher Aillon - 0.5.6-1.3

- Rebuild against newer gecko

* Wed Dec 17 2008 Christopher Aillon - 0.5.6-1.2

- Rebuild against newer gecko

* Wed Nov 12 2008 Christopher Aillon - 0.5.6-1.1

- Rebuild against newer gecko

* Fri Oct 31 2008 Mamoru Tasaka - 0.5.6-1

- 0.5.6

- -UGTK_DISABLE_DEPRECATED hack removed (hack introduced in upstream)

* Wed Sep 24 2008 Christopher Aillon

- Rebuild against newer gecko (F-9/8)

* Tue Aug 5 2008 Mamoru Tasaka

- Try rev. 3509

* Wed Jul 30 2008 Mamoru Tasaka - 0.5.5-1

- 0.5.5

* Sat Jul 19 2008 Mamoru Tasaka - 0.5.4-7.svn3506_trunk

- F-9+: relax gecko libs dependency (as GRE_GetGREPathWithProperties properly

finds out GRE)

- F-10+: add -UGTK_DISABLE_DEPRECATED temporarily

* Tue Jul 15 2008 Christopher Aillon

- Rebuild against newer gecko (F-8)

* Wed Jul 2 2008 Christopher Aillon

- Rebuild against newer gecko (F-8)

* Sat Jun 28 2008 Mamoru Tasaka - 0.5.4-6.svn3506_trunk

- Try rev 3506

- Workaround for bug 447444 (xulrunner vs hunspell conflict) (F-9+)

* Wed Jun 25 2008 Mamoru Tasaka - 0.5.4-5

- Apply xulrunner related patches from debian by Mike Hommey

(debian bug 480796, rh bug 402641)

This time kazehakase actually works with xulrunner!

su -c 'yum update kazehakase' at the command line.

For more information, refer to "Managing Software with yum",

available at .

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

Fedora-package-announce mailing list

Fedora-package-announce@redhat.com

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/