Afternoon,
On the first of the month I back-ported mozilla-firefox-2.0.0.14 from -CURRENT.
This moning I discovered I still had the package in my home directory and thought it might be of use to some of the other forum members.
The following security vulnerabilities are fixed:
- MFSA 2008-20 Crash in JavaScript garbage collector
- MFSA 2008-19 XUL popup spoofing variant (cross-tab popups)
- MFSA 2008-18 Java socket connection to any local port via LiveConnect
- MFSA 2008-17 Privacy issue with SSL Client Authentication
- MFSA 2008-16 HTTP Referrer spoofing with malformed URLs
- MFSA 2008-15 Crashes with evidence of memory corruption (rv:1.8.1.13)
- MFSA 2008-14 JavaScript privilege escalation and arbitrary code execution
Download link:
Code:
http://www.mediafire.com/?dsnnlly9x4d
Code:
SHA256 (mozilla-firefox-2.0.0.14.tgz) = 6d7df95f407038a8c983b4dd4c5b9ba1abadf30f647d84aecd4dfc131d2af5d3
As similarly asked on jggimi's FAQ,
http://jggimi.homeip.net/livecd/faq.html#trust
Q) "Can this non-official package be trusted?"
A) "Of course not. The Internet is a dangerous place."
Still, You have my word as an OpenBSD user, This package is not in any way tampered with.. I like being a member of this site, I wouldn't risk that.