Subject: CVS commit: [pkgsrc-2009Q1] pkgsrc/www/firefox3
From: Matthias Scheler
Date: 2009-04-23 00:08:43
Message id: 20090422220843.1367B175D0@cvs.netbsd.org

Log Message:
Pullup ticket #2746 - requested by tnn
firefox3: security update

Revisions pulled up:
- www/firefox3/Makefile			1.30
- www/firefox3/distinfo			1.23
---
Module Name:	pkgsrc
Committed By:	tnn
Date:		Wed Apr 22 18:15:05 UTC 2009

Modified Files:
	pkgsrc/www/firefox3: Makefile distinfo

Log Message:
Update to firefox3-3.0.9.

- Fixed several security issues:
  MFSA 2009-22 Firefox allows Refresh header to redirect to javascript: URIs
  MFSA 2009-21 POST data sent to wrong site when saving web page with
               embedded frame
  MFSA 2009-20 Malicious search plugins can inject code into arbitrary sites
  MFSA 2009-19 Same-origin violations in XMLHttpRequest and
               XPCNativeWrapper.toString
  MFSA 2009-18 XSS hazard using third-party stylesheets and XBL bindings
  MFSA 2009-17 Same-origin violations when Adobe Flash loaded via
               view-source: scheme
  MFSA 2009-16 jar: scheme ignores the content-disposition: header
               on the inner URI
  MFSA 2009-15 URL spoofing with box drawing character
  MFSA 2009-14 Crashes with evidence of memory corruption (rv:1.9.0.9)
- Fixed several stability issues.
- Many users experienced an issue where a corrupt local database caused
  Firefox to "lose" its stored cookies. (bug 470578)
- Fixed an issue where, starting with Firefox 3.0.7, inline image
  attachments on popular webmail services (like AOL and AIM) would not
  display. (bug 482659)
- Large forms would sometimes take a long time to submit. (bug 426991)
- In certain cases, new windows would not have proper focus. (bug 446568)

Files:
RevisionActionfile
1.26.2.1modifypkgsrc/www/firefox3/Makefile
1.18.2.1modifypkgsrc/www/firefox3/distinfo