This site is now 100% read-only, and retired.

It is mozilla patch-day!

Posted by Anonymous on Thu 3 Aug 2006 at 17:22

... I have backported security fixes recently announced by mozilla for firefox and thunderbird to the old branch which we have in Debian Sarge (stable). Now these packages need more testing.

You can grab the patchset I produced from

In it you find patches that fix:

  • all security flaws whose security advisories had been announced together with firefox/thunderbird - if applicable
  • a tricky issue that had not been fixed in the last debian stable-security update for mozilla, mozilla-firefox and mozilla-thunderbird (aka mfsa2006-32, Part 2/7).
  • two regressions introduced in our last stable-security update that broke some extensions.

The good news is that a bunch of critical flaws have been identified to not affect Debian stable, namely:

+ CVE-2006-3801, MFSA 2006-44
+ CVE-2006-3677, MFSA 2006-45
+ CVE-2006-3113, MFSA 2006-46
+ CVE-2006-3802, MFSA 2006-47
+ CVE-2006-3803, MFSA 2006-48
+ CVE-2006-3804, MFSA 2006-49
+ CVE-2006-3810, MFSA 2006-54
+ CVE-2006-3812, MFSA 2006-56

More good news is that MFSA2006-45 - which was recently /.ed with a working exploit is in that list too. So Debian stable users are not affected by that issue.

In order to get feedback and testing I am now preparing packages. Testing this is critical, because upstream has abandoned 1.0.x development. So please help to test and report regressions - otherwise those might go unseen and finally slip through to our users. I will announce new packages available for testing on my site and on the pkg-mozilla-maintainers mailing-list.

Thanks for your support!



Re: It is mozilla patch-day!
Posted by reluctant (65.78.xx.xx) on Thu 3 Aug 2006 at 20:05
The original post by Alexander Sack, the debian thunderbird package maintainer, is here:!. html

Let's copy and paste appropriately, with attribution.

[ Parent ]

Re: It is mozilla patch-day!
Posted by Steve (62.30.xx.xx) on Thu 3 Aug 2006 at 22:29
[ View Weblogs ]

Indeed, I should have added the attribution - however it was posted with permission ..


[ Parent ]

Re: It is mozilla patch-day!
Posted by Anonymous (213.164.xx.xx) on Mon 7 Aug 2006 at 10:41
Did you post anonymously?

[ Parent ]

Re: It is mozilla patch-day!
Posted by Anonymous (209.91.xx.xx) on Fri 4 Aug 2006 at 16:48
isn't now out?

[ Parent ]