Index index by Group index by Distribution index by Vendor index by creation date index by Name Mirrors Help Search

seamonkey-dom-inspector-2.13.1-2.18.1 RPM for x86_64

From OpenSuSE 12.2 updates for x86_64

Name: seamonkey-dom-inspector Distribution: openSUSE 12.2
Version: 2.13.1 Vendor: openSUSE
Release: 2.18.1 Build date: Fri Oct 12 12:58:40 2012
Group: Development/Tools/Navigators Build host: build35
Size: 311549 Source RPM: seamonkey-2.13.1-2.18.1.src.rpm
Packager: http://bugs.opensuse.org
Url: http://www.mozilla.org/projects/seamonkey
Summary: The SeaMonkey DOM Inspector
This is a tool that allows you to inspect the DOM for web pages in
SeaMonkey. This is of great use to people who are doing SeaMonkey
chrome development or web page development.

Provides

Requires

License

MPL-2.0

Changelog

* Fri Oct 12 2012 wr@rosenauer.org
  - update to SeaMonkey 2.13.1 (bnc#783533)
    * MFSA 2012-88/CVE-2012-4191 (bmo#798045)
      Miscellaneous memory safety hazards
    * MFSA 2012-89/CVE-2012-4192/CVE-2012-4193 (bmo#799952, bmo#720619)
      defaultValue security checks not applied
* Mon Oct 08 2012 wr@rosenauer.org
  - update to SeaMonkey 2.13 (bnc#783533)
    * MFSA 2012-74/CVE-2012-3982/CVE-2012-3983
      Miscellaneous memory safety hazards
    * MFSA 2012-75/CVE-2012-3984 (bmo#575294)
      select element persistance allows for attacks
    * MFSA 2012-76/CVE-2012-3985 (bmo#655649)
      Continued access to initial origin after setting document.domain
    * MFSA 2012-77/CVE-2012-3986 (bmo#775868)
      Some DOMWindowUtils methods bypass security checks
    * MFSA 2012-79/CVE-2012-3988 (bmo#725770)
      DOS and crash with full screen and history navigation
    * MFSA 2012-80/CVE-2012-3989 (bmo#783867)
      Crash with invalid cast when using instanceof operator
    * MFSA 2012-81/CVE-2012-3991 (bmo#783260)
      GetProperty function can bypass security checks
    * MFSA 2012-82/CVE-2012-3994 (bmo#765527)
      top object and location property accessible by plugins
    * MFSA 2012-83/CVE-2012-3993/CVE-2012-4184 (bmo#768101, bmo#780370)
      Chrome Object Wrapper (COW) does not disallow acces to privileged
      functions or properties
    * MFSA 2012-84/CVE-2012-3992 (bmo#775009)
      Spoofing and script injection through location.hash
    * MFSA 2012-85/CVE-2012-3995/CVE-2012-4179/CVE-2012-4180/
      CVE-2012-4181/CVE-2012-4182/CVE-2012-4183
      Use-after-free, buffer overflow, and out of bounds read issues
      found using Address Sanitizer
    * MFSA 2012-86/CVE-2012-4185/CVE-2012-4186/CVE-2012-4187/
      CVE-2012-4188
      Heap memory corruption issues found using Address Sanitizer
    * MFSA 2012-87/CVE-2012-3990 (bmo#787704)
      Use-after-free in the IME State Manager
  - requires NSPR 4.9.2
  - improve GStreamer integration (bmo#760140)
* Mon Sep 10 2012 wr@rosenauer.org
  - update to SeaMonkey 2.12.1 (bnc#779936)
    * Sites visited while in Private Browsing mode could be found
      through manual browser cache inspection (bmo#787743)
* Mon Aug 27 2012 wr@rosenauer.org
  - update to SeaMonkey 2.12 (bnc#777588)
    * MFSA 2012-57/CVE-2012-1970
      Miscellaneous memory safety hazards
    * MFSA 2012-58/CVE-2012-1972/CVE-2012-1973/CVE-2012-1974/CVE-2012-1975
      CVE-2012-1976/CVE-2012-3956/CVE-2012-3957/CVE-2012-3958/CVE-2012-3959
      CVE-2012-3960/CVE-2012-3961/CVE-2012-3962/CVE-2012-3963/CVE-2012-3964
      Use-after-free issues found using Address Sanitizer
    * MFSA 2012-59/CVE-2012-1956 (bmo#756719)
      Location object can be shadowed using Object.defineProperty
    * MFSA 2012-61/CVE-2012-3966 (bmo#775794, bmo#775793)
      Memory corruption with bitmap format images with negative height
    * MFSA 2012-62/CVE-2012-3967/CVE-2012-3968
      WebGL use-after-free and memory corruption
    * MFSA 2012-63/CVE-2012-3969/CVE-2012-3970
      SVG buffer overflow and use-after-free issues
    * MFSA 2012-64/CVE-2012-3971
      Graphite 2 memory corruption
    * MFSA 2012-65/CVE-2012-3972 (bmo#746855)
      Out-of-bounds read in format-number in XSLT
    * MFSA 2012-68/CVE-2012-3975 (bmo#770684)
      DOMParser loads linked resources in extensions when parsing
      text/html
    * MFSA 2012-69/CVE-2012-3976 (bmo#768568)
      Incorrect site SSL certificate data display
    * MFSA 2012-70/CVE-2012-3978 (bmo#770429)
      Location object security checks bypassed by chrome code
  - enable GStreamer for 12.1 and higher
  - use internal libjpeg
* Sun Jul 29 2012 wr@rosenauer.org
  - import PPC patch from Firefox:
    * add patches for bmo#750620 and bmo#746112
    * fix xpcshell segfault on ppc
* Mon Jul 16 2012 wr@rosenauer.org
  - update to Seamonkey 2.11 (bnc#771583)
    * MFSA 2012-42/CVE-2012-1949/CVE-2012-1948
      Miscellaneous memory safety hazards
    * MFSA 2012-44/CVE-2012-1951/CVE-2012-1954/CVE-2012-1953/CVE-2012-1952
      Gecko memory corruption
    * MFSA 2012-45/CVE-2012-1955 (bmo#757376)
      Spoofing issue with location
    * MFSA 2012-47/CVE-2012-1957 (bmo#750096)
      Improper filtering of javascript in HTML feed-view
    * MFSA 2012-48/CVE-2012-1958 (bmo#750820)
      use-after-free in nsGlobalWindow::PageHidden
    * MFSA 2012-49/CVE-2012-1959 (bmo#754044, bmo#737559)
      Same-compartment Security Wrappers can be bypassed
    * MFSA 2012-50/CVE-2012-1960 (bmo#761014)
      Out of bounds read in QCMS
    * MFSA 2012-51/CVE-2012-1961 (bmo#761655)
      X-Frame-Options header ignored when duplicated
    * MFSA 2012-52/CVE-2012-1962 (bmo#764296)
      JSDependentString::undepend string conversion results in memory
      corruption
    * MFSA 2012-53/CVE-2012-1963 (bmo#767778)
      Content Security Policy 1.0 implementation errors cause data
      leakage
    * MFSA 2012-56/CVE-2012-1967 (bmo#758344)
      Code execution through javascript: URLs
    * relicensed to MPL-2.0
  - updated/removed patches
  - requires NSS 3.13.5
* Fri Jun 15 2012 wr@rosenauer.org
  - update to Seamonkey 2.10.1
* Mon Jun 04 2012 wr@rosenauer.org
  - update to Seamonkey 2.10 (bnc#765204)
    * MFSA 2012-34/CVE-2012-1938/CVE-2012-1937/CVE-2011-3101
      Miscellaneous memory safety hazards
    * MFSA 2012-36/CVE-2012-1944 (bmo#751422)
      Content Security Policy inline-script bypass
    * MFSA 2012-37/CVE-2012-1945 (bmo#670514)
      Information disclosure though Windows file shares and shortcut
      files
    * MFSA 2012-38/CVE-2012-1946 (bmo#750109)
      Use-after-free while replacing/inserting a node in a document
    * MFSA 2012-40/CVE-2012-1947/CVE-2012-1940/CVE-2012-1941
      Buffer overflow and use-after-free issues found using Address
      Sanitizer
  - requires NSS 3.13.4
    * MFSA 2012-39/CVE-2012-0441 (bmo#715073)
* Mon Apr 30 2012 wr@rosenauer.org
  - update to Seamonkey 2.9.1
    * fix regressions
    - POP3 filters (bmo#748090)
    - Message Body not loaded when using "Fetch Headers Only"
      (bmo#748865)
    - Received messages contain parts of other messages with
      movemail account (bmo#748726)
    - New mail notification issue (bmo#748997)
    - crash in nsMsgDatabase::MatchDbName (bmo#748432)
* Fri Apr 27 2012 wr@rosenauer.org
  - fixed build with gcc 4.7
* Mon Apr 23 2012 wr@rosenauer.org
  - update to Seamonkey 2.9 (bnc#758408)
    * MFSA 2012-20/CVE-2012-0467/CVE-2012-0468
      Miscellaneous memory safety hazards
    * MFSA 2012-22/CVE-2012-0469 (bmo#738985)
      use-after-free in IDBKeyRange
    * MFSA 2012-23/CVE-2012-0470 (bmo#734288)
      Invalid frees causes heap corruption in gfxImageSurface
    * MFSA 2012-24/CVE-2012-0471 (bmo#715319)
      Potential XSS via multibyte content processing errors
    * MFSA 2012-25/CVE-2012-0472 (bmo#744480)
      Potential memory corruption during font rendering using cairo-dwrite
    * MFSA 2012-26/CVE-2012-0473 (bmo#743475)
      WebGL.drawElements may read illegal video memory due to
      FindMaxUshortElement error
    * MFSA 2012-27/CVE-2012-0474 (bmo#687745, bmo#737307)
      Page load short-circuit can lead to XSS
    * MFSA 2012-28/CVE-2012-0475 (bmo#694576)
      Ambiguous IPv6 in Origin headers may bypass webserver access
      restrictions
    * MFSA 2012-29/CVE-2012-0477 (bmo#718573)
      Potential XSS through ISO-2022-KR/ISO-2022-CN decoding issues
    * MFSA 2012-30/CVE-2012-0478 (bmo#727547)
      Crash with WebGL content using textImage2D
    * MFSA 2012-31/CVE-2011-3062 (bmo#739925)
      Off-by-one error in OpenType Sanitizer
    * MFSA 2012-32/CVE-2011-1187 (bmo#624621)
      HTTP Redirections and remote content can be read by javascript errors
    * MFSA 2012-33/CVE-2012-0479 (bmo#714631)
      Potential site identity spoofing when loading RSS and Atom feeds
* Sat Apr 21 2012 wr@rosenauer.org
  - update to 2.9b4
  - added mozilla-sle11.patch and add exceptions to be able to build
    for SLE11/11.1
  - exclude broken gl locale from build
  - fixed build on 11.2-x86_64 by adding mozilla-revert_621446.patch
  - added mozilla-gcc47.patch and mailnews-literals.patch to fix
    compilation issues with recent gcc 4.7
* Tue Mar 13 2012 wr@rosenauer.org
  - update to Seamonkey 2.8 (bnc#750044)
    * MFSA 2012-13/CVE-2012-0455 (bmo#704354)
      XSS with Drag and Drop and Javascript: URL
    * MFSA 2012-14/CVE-2012-0456/CVE-2012-0457 (bmo#711653, #720103)
      SVG issues found with Address Sanitizer
    * MFSA 2012-15/CVE-2012-0451 (bmo#717511)
      XSS with multiple Content Security Policy headers
    * MFSA 2012-16/CVE-2012-0458
      Escalation of privilege with Javascript: URL as home page
    * MFSA 2012-17/CVE-2012-0459 (bmo#723446)
      Crash when accessing keyframe cssText after dynamic modification
    * MFSA 2012-18/CVE-2012-0460 (bmo#727303)
      window.fullScreen writeable by untrusted content
    * MFSA 2012-19/CVE-2012-0461/CVE-2012-0462/CVE-2012-0464/
      CVE-2012-0463
      Miscellaneous memory safety hazards
  - explicitely build-require X libs
* Thu Feb 16 2012 wr@rosenauer.org
  - update to Seamonkey 2.7.2 (bnc#747328)
    * CVE-2011-3026 (bmo#727401)
      libpng: integer overflow leading to heap-buffer overflow
* Thu Feb 09 2012 wr@rosenauer.org
  - update to Seamonkey 2.7.1 (bnc#746616)
    * MFSA 2012-10/CVE-2012-0452 (bmo#724284)
      use after free in nsXBLDocumentInfo::ReadPrototypeBindings
  - Use YARR interpreter instead of PCRE on platforms where YARR JIT
    is not supported, since PCRE doesnt build (bmo#691898)
  - fix ppc64 build (bmo#703534)
* Tue Jan 31 2012 wr@rosenauer.org
  - update to Seamonkey 2.7 (bnc#744275)
    * MFSA 2012-01/CVE-2012-0442/CVE-2012-0443
      Miscellaneous memory safety hazards
    * MFSA 2012-03/CVE-2012-0445 (bmo#701071)
      <iframe> element exposed across domains via name attribute
    * MFSA 2012-04/CVE-2011-3659 (bmo#708198)
      Child nodes from nsDOMAttribute still accessible after removal
      of nodes
    * MFSA 2012-05/CVE-2012-0446 (bmo#705651)
      Frame scripts calling into untrusted objects bypass security
      checks
    * MFSA 2012-06/CVE-2012-0447 (bmo#710079)
      Uninitialized memory appended when encoding icon images may
      cause information disclosure
    * MFSA 2012-07/CVE-2012-0444 (bmo#719612)
      Potential Memory Corruption When Decoding Ogg Vorbis files
    * MFSA 2012-08/CVE-2012-0449 (bmo#701806, bmo#702466)
      Crash with malformed embedded XSLT stylesheets
* Sat Dec 24 2011 wr@rosenauer.org
  - update to Seamonkey 2.6.1
    * (strongparent) parentNode of element gets lost (bmo#335998)
* Sun Dec 18 2011 wr@rosenauer.org
  - update to 2.6 (bnc#737533)
    * MFSA 2011-53/CVE-2011-3660
      Miscellaneous memory safety hazards (rv:9.0)
    * MFSA 2011-54/CVE-2011-3661 (bmo#691299)
      Potentially exploitable crash in the YARR regular expression
      library
    * MFSA 2011-55/CVE-2011-3658 (bmo#708186)
      nsSVGValue out-of-bounds access
    * MFSA 2011-56/CVE-2011-3663 (bmo#704482)
      Key detection without JavaScript via SVG animation
    * MFSA 2011-58/VE-2011-3665 (bmo#701259)
      Crash scaling <video> to extreme sizes
* Thu Nov 24 2011 pcerny@suse.com
  - update to 2.5 (bnc#728520)
    * MFSA 2011-47/CVE-2011-3648 (bmo#690225)
      Potential XSS against sites using Shift-JIS
    * MFSA 2011-48/CVE-2011-3651/CVE-2011-3652/CVE-2011-3654
      Miscellaneous memory safety hazards
    * MFSA 2011-49/CVE-2011-3650 (bmo#674776)
      Memory corruption while profiling using Firebug
    * MFSA 2011-52/CVE-2011-3655 (bmo#672182)
      Code execution via NoWaiverWrapper
* Mon Oct 03 2011 wr@rosenauer.org
  - update to minor release 2.4.1
    * fixed staged addon updates
* Mon Sep 26 2011 wr@rosenauer.org
  - update to 2.4 (bnc#720264)
    * MFSA 2011-36/CVE-2011-2995/CVE-2011-2996/CVE-2011-2997
      Miscellaneous memory safety hazards
    * MFSA 2011-39/CVE-2011-3000 (bmo#655389)
      Defense against multiple Location headers due to CRLF Injection
    * MFSA 2011-40/CVE-2011-2372/CVE-2011-3001
      Code installation through holding down Enter
    * MFSA 2011-41/CVE-2011-3002/CVE-2011-3003 (bmo#680840, bmo#682335)
      Potentially exploitable WebGL crashes
    * MFSA 2011-42/CVE-2011-3232 (bmo#653672)
      Potentially exploitable crash in the YARR regular expression
      library
    * MFSA 2011-43/CVE-2011-3004 (bmo#653926)
      loadSubScript unwraps XPCNativeWrapper scope parameter
    * MFSA 2011-44/CVE-2011-3005 (bmo#675747)
      Use after free reading OGG headers
    * MFSA 2011-45
      Inferring keystrokes from motion data
  - removed obsolete mozilla-cairo-lcd.patch
  - rebased patches
  - removed XLIB_SKIP_ARGB_VISUALS=1 from environment in
    mozilla.sh.in (bnc#680758)
* Wed Sep 14 2011 wr@rosenauer.org
  - add dbus-1-glib-devel to BuildRequires (not pulled in
    automatically with 12.1)
* Wed Sep 07 2011 pcerny@suse.com
  - security update to 2.3.3 (bnc#714931)
    * Complete blocking of certificates issued by DigiNotar
      (bmo#683449)
* Fri Sep 02 2011 pcerny@suse.com
  - security update to 2.3.2 (bnc#714931)
    * MFSA 2011-34
      Protection against fraudulent DigiNotar certificates
      (bmo#682927)
* Mon Aug 15 2011 wr@rosenauer.org
  - update to version 2.3 (bnc#712224)
    included security fixes
    * CVE-2011-2989/CVE-2011-2991/CVE-2011-2992/CVE-2011-2985
      Miscellaneous memory safety hazards
    * CVE-2011-2993 (bmo#657267)
      Unsigned scripts can call script inside signed JAR
    * CVE-2011-2988 (bmo#665934)
      Heap overflow in ANGLE library
    * CVE-2011-0084 (bmo#648094)
      Crash in SVGTextElement.getCharNumAtPosition()
    * CVE-2011-2990
      Credential leakage using Content Security Policy reports
    * CVE-2011-2986 (bmo#655836)
      Cross-origin data theft using canvas and Windows D2D
    * Gecko 6
    * removed obsolete mozilla-gio.patch
* Fri Jul 08 2011 wr@rosenauer.org
  - update to version 2.2
    * Gecko 5
    included fixes for security issues: (bnc#701296, bnc#700578)
    * MFSA 2011-19/CVE-2011-2374 CVE-2011-2375
      Miscellaneous memory safety hazards
    * MFSA 2011-20/CVE-2011-2373 (bmo#617247)
      Use-after-free vulnerability when viewing XUL document with
      script disabled
    * MFSA 2011-21/CVE-2011-2377 (bmo#638018, bmo#639303)
      Memory corruption due to multipart/x-mixed-replace images
    * MFSA 2011-22/CVE-2011-2371 (bmo#664009)
      Integer overflow and arbitrary code execution in
      Array.reduceRight()
    * MFSA 2011-25/CVE-2011-2366
      Stealing of cross-domain images using WebGL textures
    * MFSA 2011-26/CVE-2011-2367 CVE-2011-2368
      Multiple WebGL crashes
    * MFSA 2011-27/CVE-2011-2369 (bmo#650001)
      XSS encoding hazard with inline SVG
    * MFSA 2011-28/CVE-2011-2370 (bmo#645699)
      Non-whitelisted site can trigger xpinstall
* Mon Jun 13 2011 wr@rosenauer.org
  - use faster version for find-external-requires.sh
    (from Petr Cerny)
  - removed obsolete default preferences
  - ported UA locale fix (bnc#582654)
  - updated supported locale RPM tags
* Fri Jun 10 2011 wr@rosenauer.org
  - major update to version 2.1
    * Gecko 2.0 (with all its features)
  - avoid __DATE__ and __TIME__ usage
* Wed Mar 23 2011 wr@rosenauer.org
  - security update to version 2.0.13 (bnc#680771)
    * MFSA 2011-11 (bmo#642395)
      Update HTTPS certificate blacklist
* Mon Jan 24 2011 wr@rosenauer.org
  - security update to version 2.0.12 (bnc#667155)
    * MFSA 2011-01/CVE-2011-0053/CVE-2011-0062
      Miscellaneous memory safety hazards (rv:1.9.2.14/ 1.9.1.17)
    * MFSA 2011-02/CVE-2011-0051 (bmo#616659)
      Recursive eval call causes confirm dialogs to evaluate to true
    * MFSA 2011-03/CVE-2011-0055 (bmo#616009, bmo#619255)
      Use-after-free error in JSON.stringify
    * MFSA 2011-04/CVE-2011-0054 (bmo#615657)
      Buffer overflow in JavaScript upvarMap
    * MFSA 2011-05/CVE-2011-0056 (bmo#622015)
      Buffer overflow in JavaScript atom map
    * MFSA 2011-06/CVE-2011-0057 (bmo#626631)
      Use-after-free error using Web Workers
    * MFSA 2011-08/CVE-2010-1585 (bmo#562547)
      ParanoidFragmentSink allows javascript: URLs in chrome documents
    * MFSA 2011-09/CVE-2011-0061 (bmo#610601)
      Crash caused by corrupted JPEG image
    * MFSA 2011-10/CVE-2011-0059 (bmo#573873)
      CSRF risk with plugins and 307 redirects
* Mon Jan 10 2011 wr@rosenauer.org
  - add x-scheme-handlers to desktop files as needed by newer Gnome
    environment
* Thu Nov 25 2010 wr@rosenauer.org
  - security update to version 2.0.11 (bnc#657016)
    * MFSA 2010-74/CVE-2010-3776/CVE-2010-3777/CVE-2010-3778
      Miscellaneous memory safety hazards (rv:1.9.2.13/ 1.9.1.16)
    * MFSA 2010-75/CVE-2010-3769 (bmo#608336)
      Buffer overflow while line breaking after document.write with
      long string
    * MFSA 2010-76/CVE-2010-3771 (bmo#609437)
      Chrome privilege escalation with window.open and <isindex> element
    * MFSA 2010-77/CVE-2010-3772 (bmo#594547)
      Crash and remote code execution using HTML tags inside a XUL tree
    * MFSA 2010-78/CVE-2010-3768 (bmo#527276)
      Add support for OTS font sanitizer
    * MFSA 2010-79/CVE-2010-3775
      Java security bypass from LiveConnect loaded via data: URL
      meta refresh
    * MFSA 2010-80/CVE-2010-3766 (bmo#590771)
      Use-after-free error with nsDOMAttribute MutationObserver
    * MFSA 2010-81/CVE-2010-3767 (bmo#599468)
      Integer overflow vulnerability in NewIdArray
    * MFSA 2010-82/CVE-2010-3773 (bmo#554449)
      Incomplete fix for CVE-2010-0179
    * MFSA 2010-83/VE-2010-3774 (bmo#602780)
      Location bar SSL spoofing using network error page
    * MFSA 2010-84/CVE-2010-3770 (bmo#601429)
      XSS hazard in multiple character encodings
* Wed Oct 27 2010 wr@rosenauer.org
  - security update to version 2.0.10 (bnc#649492)
    * MFSA 2010-73/CVE-2010-3765 (bmo#607222)
      Heap buffer overflow mixing document.write and DOM insertion
* Thu Oct 07 2010 wr@rosenauer.org
  - security update to version 2.0.9 (bnc#645315)
    * MFSA 2010-64/CVE-2010-3174/CVE-2010-3175/CVE-2010-3176
      Miscellaneous memory safety hazards
    * MFSA 2010-65/CVE-2010-3179 (bmo#583077)
      Buffer overflow and memory corruption using document.write
    * MFSA 2010-66/CVE-2010-3180 (bmo#588929)
      Use-after-free error in nsBarProp
    * MFSA 2010-67/CVE-2010-3183 (bmo#598669)
      Dangling pointer vulnerability in LookupGetterOrSetter
    * MFSA 2010-68/CVE-2010-3177 (bmo#556734)
      XSS in gopher parser when parsing hrefs
    * MFSA 2010-69/CVE-2010-3178 (bmo#576616)
      Cross-site information disclosure via modal calls
    * MFSA 2010-70/CVE-2010-3170 (bmo#578697)
      SSL wildcard certificate matching IP addresses
    * MFSA 2010-71/CVE-2010-3182 (bmo#590753, bnc#642502)
      Unsafe library loading vulnerabilities
    * MFSA 2010-72/CVE-2010-3173
      Insecure Diffie-Hellman key exchange
    * removed upstreamed mozilla-helper-app.patch
  - require mozilla-nss >= 3.12.8
* Wed Sep 15 2010 wr@rosenauer.org
  - update to 2.0.8
    * fixing startup topcrash (bmo#594699)
    * add "face" to the list of white-listed attributes (bmo#592601)
  - added Cairo LCD filter patch to enable subpixel hinting where
    supported (bnc#638186) (mozilla-cairo-lcd.patch)
* Thu Aug 26 2010 wr@rosenauer.org
  - security upate to 2.0.7 (bnc#637303)
    * MFSA 2010-49/CVE-2010-3169
      Miscellaneous memory safety hazards
    * MFSA 2010-50/CVE-2010-2765 (bmo#576447)
      Frameset integer overflow vulnerability
    * MFSA 2010-51/CVE-2010-2767 (bmo#584512)
      Dangling pointer vulnerability using DOM plugin array
    * MFSA 2010-53/CVE-2010-3166 (bmo#579655)
      Heap buffer overflow in nsTextFrameUtils::TransformText
    * MFSA 2010-54/CVE-2010-2760 (bmo#585815)
      Dangling pointer vulnerability in nsTreeSelection
    * MFSA 2010-55/CVE-2010-3168 (bmo#576075)
      XUL tree removal crash and remote code execution
    * MFSA 2010-56/CVE-2010-3167 (bmo#576070)
      Dangling pointer vulnerability in nsTreeContentView
    * MFSA 2010-57/CVE-2010-2766 (bmo#580445)
      Crash and remote code execution in normalizeDocument
    * MFSA 2010-60/CVE-2010-2763 (bmo#585284)
      XSS using SJOW scripted function
    * MFSA 2010-61/CVE-2010-2768 (bmo#579744)
      UTF-7 XSS by overriding document charset using <object> type
      attribute
    * MFSA 2010-62/CVE-2010-2769 (bmo#520189)
      Copy-and-paste or drag-and-drop into designMode document allows
      XSS
    * MFSA 2010-63/CVE-2010-2764 (bmo#552090)
      Information leak via XMLHttpRequest statusText
  - always use internal cairo (bnc#622375, bnc#626042)
* Fri Jul 16 2010 wr@rosenauer.org
  - security update to 2.0.6 (bnc#622506)
    * MFSA 2010-34/CVE-2010-1211/CVE-2010-1212
      Miscellaneous memory safety hazards
    * MFSA 2010-35/CVE-2010-1208 (bmo#572986)
      DOM attribute cloning remote code execution vulnerability
    * MFSA 2010-36/CVE-2010-1209 (bmo#552110)
      Use-after-free error in NodeIterator
    * MFSA 2010-37/CVE-2010-1214 (bmo#572985)
      Plugin parameter EnsureCachedAttrParamArrays remote code
      execution vulnerability
    * MFSA 2010-39/CVE-2010-2752 (bmo#574059)
      nsCSSValue::Array index integer overflow
    * MFSA 2010-40/CVE-2010-2753 (bmo#571106)
      nsTreeSelection dangling pointer remote code execution
      vulnerability
    * MFSA 2010-41/CVE-2010-1205 (bmo#570451)
      Remote code execution using malformed PNG image
    * MFSA 2010-42/CVE-2010-1213 (bmo#568148)
      Cross-origin data disclosure via Web Workers and importScripts
    * MFSA 2010-45/CVE-2010-1206/CVE-2010-2751 (bmo#536466,556957)
      Multiple location bar spoofing vulnerabilities
    * MFSA 2010-46/CVE-2010-0654 (bmo#524223)
      Cross-domain data theft using CSS
    * MFSA 2010-47/CVE-2010-2754 (bmo#568564)
      Cross-origin data leakage from script filename in error messages
* Fri May 07 2010 wr@rosenauer.org
  - security update to 2.0.5 (bnc#603356)
    * MFSA 2010-25/CVE-2010-1121 (bmo#555109)
      Re-use of freed object due to scope confusion
    * MFSA 2010-26/CVE-2010-1200/CVE-2010-1201/CVE-2010-1202/
      CVE-2010-1203
      Crashes with evidence of memory corruption (rv:1.9.1.10)
    * MFSA 2010-27/CVE-2010-0183 (bmo#557174)
      Use-after-free error in nsCycleCollector::MarkRoots()
    * MFSA 2010-28/CVE-2010-1198 (bmo#532246)
      Freed object reuse across plugin instances
    * MFSA 2010-29/CVE-2010-1196 (bmo#534666)
      Heap buffer overflow in nsGenericDOMDataNode::SetTextInternal
    * MFSA 2010-30/CVE-2010-1199 (bmo#554255)
      Integer Overflow in XSLT Node Sorting
    * MFSA 2010-31/CVE-2010-1125 (bmo#552255)
      focus() behavior can be used to inject or steal keystrokes
    * MFSA 2010-32/CVE-2010-1197 (bmo#537120)
      Content-Disposition: attachment ignored if
      Content-Type: multipart also present
    * MFSA 2010-33/CVE-2008-5913 (bmo#475585)
      User tracking across sites using Math.random()
* Wed Mar 17 2010 wr@rosenauer.org
  - security update to 2.0.4 (bnc#586567)
    * MFSA 2010-16/CVE-2010-0173/CVE-2010-0174
      Crashes with evidence of memory corruption
    * MFSA 2010-17/CVE-2010-0175 (bmo#540100,375928)
      Remote code execution with use-after-free in nsTreeSelection
    * MFSA 2010-18/CVE-2010-0176 (bmo#538308)
      Dangling pointer vulnerability in nsTreeContentView
    * MFSA 2010-19/CVE-2010-0177 (bmo#538310)
      Dangling pointer vulnerability in nsPluginArray
    * MFSA 2010-20/CVE-2010-0178 (bmo#546909)
      Chrome privilege escalation via forced URL drag and drop
    * MFSA 2010-22/CVE-2009-3555 (bmo#545755)
      Update NSS to support TLS renegotiation indication
    * MFSA 2010-23/CVE-2010-0181 (bmo#452093)
      Image src redirect to mailto: URL opens email editor
    * MFSA 2010-24/CVE-2010-0182 (bmo#490790)
      XMLDocument::load() doesn't check nsIContentPolicy
* Wed Feb 24 2010 wr@rosenauer.org
  - added translation subpackages
* Wed Feb 17 2010 wr@rosenauer.org
  - security update to 2.0.3 (bnc#576969)
    * MFSA-2010-01/CVE-2010-0159
      Crashes with evidence of memory corruption
    * MFSA-2010-02/CVE-2010-0160
      Web Worker Array Handling Heap Corruption Vulnerability
    * MFSA-2010-03/CVE-2009-1571 (bmo#526500)
      Use-after-free crash in HTML parser
    * MFSA-2010-04/CVE-2009-3988 (bmo#504862)
      XSS due to window.dialogArguments being readable cross-domain
    * MFSA-2010-05/CVE-2010-0162 (bmo#455472)
      XSS hazard using SVG document and binary Content-Type
* Mon Jan 18 2010 vuntz@opensuse.org
  - Remove unneeded orbit-devel BuildRequires.
* Tue Jan 05 2010 wr@rosenauer.org
  - stability update to 2.0.2 (bnc#568011)
    * DNS resolution in MakeSN of nsAuthSSPI causing issues for
      proxy servers that support NTLM auth (bmo#535193)
* Thu Dec 10 2009 wr@rosenauer.org
  - security update to 2.0.1 (bnc#559807)
    * MFSA 2009-65/CVE-2009-3979/CVE-2009-3980/CVE-2009-3982
      Crashes with evidence of memory corruption (rv:1.9.1.6)
    * MFSA 2009-66/CVE-2009-3388 (bmo#504843,bmo#523816)
      Memory safety fixes in liboggplay media library
    * MFSA 2009-67/CVE-2009-3389 (bmo#515882,bmo#504613)
      Integer overflow, crash in libtheora video library
    * MFSA 2009-68/CVE-2009-3983 (bmo#487872)
      NTLM reflection vulnerability
    * MFSA 2009-69/CVE-2009-3984/CVE-2009-3985 (bmo#521461,bmo#514232)
      Location bar spoofing vulnerabilities
    * MFSA 2009-70/VE-2009-3986 (bmo#522430)
      Privilege escalation via chrome window.opener
* Mon Oct 19 2009 wr@rosenauer.org
  - update to 2.0rc2 which might become the final 2.0 version
    * based on final Gecko 1.9.1.4 (build3)
* Thu Oct 08 2009 wr@rosenauer.org
  - update to 2.0rc1
    * based on Gecko 1.9.1.4
    * removed upstreamed patches
    * compatible with enigmail (bnc#544326, bnc#530811)
  - fixed startup notification (bnc#518603)
    (mozilla-startup-notification.patch)
* Mon Sep 14 2009 wr@rosenauer.org
  - update to 2.0b2
    * removed obsolete mozilla-jemalloc_deepbind.patch and
      mozilla-app-launcher.patch
  - remove obsolete code for protocol handlers (bmo#389732)
  - allow alternative button order for Gtk filechooser (bnc#527418)
  - added mozilla-prefer_plugin_pref.patch to introduce a new set of
    prefs to support preferring certain plugins for mime-types
  - added mozilla-sysplugin-biarch.patch to use
    /usr/$LIB/mozilla/plugins as system plugin dir (bmo#496708)
* Thu Aug 20 2009 wr@rosenauer.org
  - added Provides and Obsoletes for package merge (bnc#532678)
  - allow alternative button order for Gtk filechooser (bnc#527418)
* Tue Jul 28 2009 wr@rosenauer.org
  - fixed %exclude usage
* Tue Jul 21 2009 wr@rosenauer.org
  - update to 2.0b1
  - added create-tar.sh to source package
  - removed enigmail as it's provided as an own package built in
    Thunderbird now
* Thu Jul 09 2009 @rosenauer.org
  - update to 2.0a3-20090707 snapshot
  - define MOZ_APP_LAUNCHER for session management (bmo#453689)
    (mozilla-app-launcher.patch and mozilla.sh.in)
  - move intl.locale.matchOS to distribution specific prefs
    (removed locale.patch)
  - moved openSUSE specific prefs from greprefs to app prefs
  - added mozilla-jemalloc_deepbind.patch to fix various possible
    crashes (bnc#503151, bmo#493541)
  - added seamonkey-no-update.patch to hide the update menu item
* Wed Jun 17 2009 wr@rosenauer.org
  - major update to 2.0a3-20090617
    * based on Gecko 1.9.1
    * ported to Mozilla's toolkit
* Sat Apr 11 2009 wr@rosenauer.org
  - security update to 1.1.16 (bnc#488955,489411,492354)
    * MFSA 2009-12/CVE-2009-1169 (bmo#460090,485217)
      Crash and remote code execution in XSL transformation
    * MFSA 2009-13/CVE-2009-1044 (bmo#484320)
      Arbitrary code execution via XUL tree moveToEdgeShift
* Thu Mar 19 2009 wr@rosenauer.org
  - update to security release 1.1.15 (bnc#478625)
    * MFSA 2009-07/CVE-2009-0771, CVE-2009-0772, CVE-2009-0773
      CVE-2009-0774:
      Crashes with evidence of memory corruption (rv:1.9.0.7)
    * MFSA 2009-09/CVE-2009-0776:
      XML data theft via RDFXMLDataSource and cross-domain redirect
    * MFSA 2009-10/CVE-2009-0040:
      Upgrade PNG library to fix memory safety hazards
  - use nss-shared-helper from 11.1 on which allows migrating to and
    sharing with other applications using NSS
    (can be disabled completely exporting MOZ_SM_NO_NSSHELPER=1)

Files

/usr/lib64/seamonkey/distribution/extensions/inspector@mozilla.org.xpi


Generated by rpm2html 1.8.1

Fabrice Bellet, Wed Dec 10 11:47:24 2014