update to 3.6.3

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=148

MozillaFirefox.changes

@@ -1,9 +1,44 @@
+-------------------------------------------------------------------
+Thu Apr  1 11:15:38 UTC 2010 - wr@rosenauer.org
+
+- security update to 3.6.3
+  * MFSA 2010-25/CVE-2010-1121 (bmo#555109)
+    Re-use of freed object due to scope confusion
+
 -------------------------------------------------------------------
 Thu Mar 18 06:43:33 CET 2010 - wr@rosenauer.org
 
 - security update to version 3.6.2 (bnc#586567)
-  * MFSA 2010-08/CVE-2010-1028 (bmo#552216)
+  * MFSA 2010-08/CVE-2010-1028
     WOFF heap corruption due to integer overflow
+  * MFSA 2010-09/CVE-2010-0164 (bmo#547143)
+    Deleted frame reuse in multipart/x-mixed-replace image
+  * MFSA 2010-10/CVE-2010-0170 (bmo#541530)
+    XSS via plugins and unprotected Location object
+  * MFSA 2010-11/CVE-2010-0165/CVE-2010-0166/CVE-2010-0167
+    Crashes with evidence of memory corruption
+  * MFSA 2010-12/CVE-2010-0171 (bmo#531364)
+    XSS using addEventListener and setTimeout on a wrapped object
+  * MFSA 2010-13/CVE-2010-0168 (bmo#540642)
+    Content policy bypass with image preloading
+  * MFSA 2010-14/CVE-2010-0169 (bmo#535806)
+    Browser chrome defacement via cached XUL stylesheets
+  * MFSA 2010-15/CVE-2010-0172 (bmo#537862)
+    Asynchronous Auth Prompt attaches to wrong window
+  * MFSA 2010-16/CVE-2010-0173/CVE-2010-0174
+    Crashes with evidence of memory corruption
+  * MFSA 2010-18/CVE-2010-0176 (bmo#538308)
+    Dangling pointer vulnerability in nsTreeContentView
+  * MFSA 2010-19/CVE-2010-0177 (bmo#538310)
+    Dangling pointer vulnerability in nsPluginArray
+  * MFSA 2010-20/CVE-2010-0178 (bmo#546909)
+    Chrome privilege escalation via forced URL drag and drop
+  * MFSA 2010-22/CVE-2009-3555 (bmo#545755)
+    Update NSS to support TLS renegotiation indication
+  * MFSA 2010-23/CVE-2010-0181 (bmo#452093)
+    Image src redirect to mailto: URL opens email editor
+  * MFSA 2010-24/CVE-2010-0182 (bmo#490790)
+    XMLDocument::load() doesn't check nsIContentPolicy
 
 -------------------------------------------------------------------
 Mon Jan 18 09:42:50 CET 2010 - wr@rosenauer.org

MozillaFirefox.spec

@@ -1,5 +1,5 @@
 #
-# spec file for package MozillaFirefox (Version 3.6.2)
+# spec file for package MozillaFirefox (Version 3.6.3)
 #
 # Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany.
 #               2006-2010 Wolfgang Rosenauer
@@ -22,7 +22,7 @@
 Name:           MozillaFirefox
 %define xulrunner mozilla-xulrunner192
 BuildRequires:  autoconf213 gcc-c++ libcurl-devel libgnomeui-devel libidl-devel libnotify-devel python unzip update-desktop-files zip
-BuildRequires:  %{xulrunner}-devel = 1.9.2.2
+BuildRequires:  %{xulrunner}-devel = 1.9.2.3
 %if %suse_version > 1020
 BuildRequires:  fdupes
 %endif
@@ -34,9 +34,9 @@ BuildRequires:  wireless-tools
 License:        GPLv2+ ; LGPLv2.1+ ; MPLv1.1+
 Provides:       web_browser
 Provides:       firefox
-Version:        3.6.2
+Version:        3.6.3
 Release:        1
-%define         releasedate 2010031700
+%define         releasedate 2010040100
 Summary:        Mozilla Firefox Web Browser
 Url:            http://www.mozilla.org/
 Group:          Productivity/Networking/Web/Browsers

firefox-3.6.2-source.tar.bz2

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:5b355d011f3bf82266cbbfa6f2b17da9ebac6a4dfa59fe207d7f1dcd3b719001
-size 48514727

firefox-3.6.3-source.tar.bz2

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:e7211b6f12ea8a582f3a483cac0d97283436e5099b7c2a629a2d0093fa822b2c
+size 48515639

l10n-3.6.2.tar.bz2

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:e9e55f6ff857bae68761f3cc4c94688a86d7515181da22cbe22f5902ad7e3ceb
-size 36336474

l10n-3.6.3.tar.bz2

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:4de534dc1c5ad51a267042a409f0cf1be339b4b512a38e810fb9c84e229f23d6
+size 36338527