Fixed in Firefox 3.5.6
MFSA 2009-71 GeckoActiveXObject exception messages can be used to enumerate installed COM objects
MFSA 2009-70 Privilege escalation via chrome window.opener
MFSA 2009-69 Location bar spoofing vulnerabilities
MFSA 2009-68 NTLM reflection vulnerability
MFSA 2009-67 Integer overflow, crash in libtheora video library
MFSA 2009-66 Memory safety fixes in liboggplay media library
MFSA 2009-65 Crashes with evidence of memory corruption (rv:1.9.1.6/ 1.9.0.16)
The last 3 are critical fixes. Currently Slackware has 3.5.5 if you have been following the Security-fixes, else 3.5.2 which comes in Slackware 13.0.
What you need to do is find the package cairo-1.8.6 and remove it.Slack64 users:
removepkg cairo-1.8.6-x86_64-3-upgraded-2009-12-17
Then download and build the cairo-1.8.8 package. You can get the slackbuild script in your DVD in directory: /l
Then installpkg it. Now download the Firefox 3.5.6 source code from here and use the build script in /xap directory to build the Firefox3.5.6 package. Then:
upgradepkg mozilla-firefox-3.5.6-x86_64-1_slack13.0
NOTE: While using the Slackbuilds don’t forget to change the versions to the latest.
EDIT: Pycairo can be upgraded as well. It built without the pyCairo upgrade so I didn’t notice. Thanks to JokerBoy for bringing it to my notice. Source , slackbuilds can be found in /l like cairo.
Regards
December 17, 2009
pdg86
2 Trackbacks / Pingbacks
[slackware] Upgrade to Firefox 3.5.6 « The Linux Space | Just linux! December 17th, 2009 at 19:55
[...] Here is the original: [slackware] Upgrade to Firefox 3.5.6 « The Linux Space [...]
[slackware] Upgrade to Firefox 3.5.6 « The Linux Space Ubuntu Netbook December 17th, 2009 at 20:25
[...] the original post here: [slackware] Upgrade to Firefox 3.5.6 « The Linux Space By admin | category: ubuntu kde | tags: archiso-live, delivers-working, distro, [...]