Fixed in Firefox 3.5.6

MFSA 2009-71 GeckoActiveXObject exception messages can be used to enumerate installed COM objects
MFSA 2009-70 Privilege escalation via chrome window.opener
MFSA 2009-69 Location bar spoofing vulnerabilities
MFSA 2009-68 NTLM reflection vulnerability
MFSA 2009-67 Integer overflow, crash in libtheora video library
MFSA 2009-66 Memory safety fixes in liboggplay media library
MFSA 2009-65 Crashes with evidence of memory corruption (rv:

The last 3 are critical fixes. Slackware is currently at 3.5.5 if you have been following the security fixes; otherwise you have 3.5.2, which ships with Slackware 13.0.

What you need to do is find the package cairo-1.8.6 and remove it. Slack64 users:

removepkg cairo-1.8.6-x86_64-3-upgraded-2009-12-17

Then download and build the cairo-1.8.8 package. You can get the SlackBuild script on your DVD in directory: /l

Then install it with installpkg. Now download the Firefox 3.5.6 source code from here and use the build script in the /xap directory to build the Firefox 3.5.6 package. Then:

upgradepkg mozilla-firefox-3.5.6-x86_64-1_slack13.0

NOTE: When using the SlackBuilds, don't forget to change the version numbers in them to the latest.

EDIT: Pycairo can be upgraded as well. It built without the pyCairo upgrade so I didn't notice. Thanks to JokerBoy for bringing it to my notice. Source and slackbuilds can be found in /l, like cairo.
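To confirm the upgrade took, here is a small check added as an example (not part of the original post) that reads the package database and compares installed versions against cairo 1.8.8 and Firefox 3.5.6. It assumes the Slackware 13.0 package database in /var/log/packages and purely numeric dotted versions; the function names and the script name are made up for illustration.

```shell
#!/bin/sh
# Added example: check installed Slackware packages against minimum versions.
# Assumes the Slackware 13.0 package database (one file per package, named
# name-version-arch-build) and purely numeric dotted versions.
PKGDB="${PKGDB:-/var/log/packages}"

# pkg_version NAME: print the installed version of NAME; return 1 if absent.
pkg_version() {
    for f in "$PKGDB"/"$1"-*; do
        [ -e "$f" ] || continue
        base=${f##*/}
        rest=${base%-*}; rest=${rest%-*}   # drop build, then arch
        ver=${rest##*-}; name=${rest%-*}   # names may contain hyphens
        if [ "$name" = "$1" ]; then printf '%s\n' "$ver"; return 0; fi
    done
    return 1
}

# version_ge A B: succeed when dotted version A >= B (3.5.10 > 3.5.6).
version_ge() {
    a=$1; b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
        x=${x:-0}; y=${y:-0}
        if [ "$x" -gt "$y" ]; then return 0; fi
        if [ "$x" -lt "$y" ]; then return 1; fi
    done
    return 0
}

# check_min NAME MIN: 0 if installed at >= MIN, 1 if older, 2 if not installed.
check_min() {
    v=$(pkg_version "$1") || { echo "NONE  $1"; return 2; }
    if version_ge "$v" "$2"; then echo "OK    $1 $v"; return 0; fi
    echo "OLD   $1 $v (need >= $2)"; return 1
}

# Versions from this post. Run as: sh check-fixed.sh --check
if [ "${1:-}" = "--check" ]; then
    rc=0
    check_min cairo 1.8.8 || rc=1
    check_min mozilla-firefox 3.5.6 || rc=1
    exit "$rc"
fi
```

Set PKGDB to another directory to check a mounted root or a copy of the package database.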

