MozillaFirefox-branding-upstream-3.6.27-1.1> A AlpA?O=AkGvm88t0W(!gӣ:#II hZ1a476cbee38cd6c3f5eb90ff3bbd57319795266ae5hV*QMzH?O=AkGvm]BJ/G1Q/v{#.`$!] h 8>:Zp?Z`d#* . S #;AHX ` h x  ,04\(]8d99H9:9FX1GXDHXTIXdXXhYXt\X]X^XbYcYdYeZfZ lZ zZZ+ZXZ\CMozillaFirefox-branding-upstream3.6.271.1Upstream branding for MozillaFirefoxThis package provides upstream look and feel for MozillaFirefox.O=}build06tmozilla / openSUSE_11.4obs://build.opensuse.org/mozillaMPL-1.1 or GPL-2.0+ or LGPL-2.1+Productivity/Networking/Web/Browsershttp://www.mozilla.org/linuxi586A큤A큤O=}O=}bO=}bO=}b30d93764aeb3c6b09e14886d2d27c9dd6410c513bc09a48d7122eb1307bb8e6arootrootrootrootrootrootrootrootMozillaFirefox-3.6.27-1.1.src.rpmMozillaFirefox-brandingMozillaFirefox-branding-upstreamMozillaFirefox-branding-upstream(x86-32)    rpmlib(VersionedDependencies)rpmlib(PayloadFilesHavePrefix)rpmlib(CompressedFileNames)rpmlib(PayloadIsLzma)3.0.3-14.0-13.0.4-14.4.6-1otherproviders(MozillaFirefox-branding)4.8.0O element * MFSA 2010-77/CVE-2010-3772 (bmo#594547) Crash and remote code execution using HTML tags inside a XUL tree * MFSA 2010-78/CVE-2010-3768 (bmo#527276) Add support for OTS font sanitizer * MFSA 2010-79/CVE-2010-3775 Java security bypass from LiveConnect loaded via data: URL meta refresh * MFSA 2010-80/CVE-2010-3766 (bmo#590771) Use-after-free error with nsDOMAttribute MutationObserver * MFSA 2010-81/CVE-2010-3767 (bmo#599468) Integer overflow vulnerability in NewIdArray * MFSA 2010-82/CVE-2010-3773 (bmo#554449) Incomplete fix for CVE-2010-0179 * MFSA 2010-83/VE-2010-3774 (bmo#602780) Location bar SSL spoofing using network error page * MFSA 2010-84/CVE-2010-3770 (bmo#601429) XSS hazard in multiple character encodings - export a versioned provides for "firefox"- security update to 3.6.12 (bnc#649492) * MFSA 2010-73/CVE-2010-3765 (bmo#607222) Heap buffer overflow mixing document.write and DOM insertion- security update to 3.6.11 (bnc#645315) * MFSA 2010-64/CVE-2010-3174/CVE-2010-3175/CVE-2010-3176 Miscellaneous memory safety hazards * MFSA 2010-65/CVE-2010-3179 (bmo#583077) Buffer overflow and memory corruption using document.write * MFSA 2010-66/CVE-2010-3180 (bmo#588929) Use-after-free error in nsBarProp * MFSA 2010-67/CVE-2010-3183 (bmo#598669) Dangling pointer vulnerability in LookupGetterOrSetter * MFSA 2010-68/CVE-2010-3177 (bmo#556734) XSS in gopher parser when parsing hrefs * MFSA 2010-69/CVE-2010-3178 (bmo#576616) Cross-site information disclosure via modal calls * MFSA 2010-70/CVE-2010-3170 (bmo#578697) SSL wildcard certificate matching IP addresses * MFSA 2010-71/CVE-2010-3182 (bmo#590753) Unsafe library loading vulnerabilities * MFSA 2010-72/CVE-2010-3173 Insecure Diffie-Hellman key exchange- update to 3.6.10 * fixing startup topcrash (bmo#594699)- security update to 3.6.9 (bnc#637303) * MFSA 2010-49/CVE-2010-3169 Miscellaneous memory safety hazards * MFSA 2010-50/CVE-2010-2765 (bmo#576447) Frameset integer overflow vulnerability * MFSA 2010-51/CVE-2010-2767 (bmo#584512) Dangling pointer vulnerability using DOM plugin array * MFSA 2010-53/CVE-2010-3166 (bmo#579655) Heap buffer overflow in nsTextFrameUtils::TransformText * MFSA 2010-54/CVE-2010-2760 (bmo#585815) Dangling pointer vulnerability in nsTreeSelection * MFSA 2010-55/CVE-2010-3168 (bmo#576075) XUL tree removal crash and remote code execution * MFSA 2010-56/CVE-2010-3167 (bmo#576070) Dangling pointer vulnerability in nsTreeContentView * MFSA 2010-57/CVE-2010-2766 (bmo#580445) Crash and remote code execution in normalizeDocument * MFSA 2010-59/CVE-2010-2762 (bmo#584180) SJOW creates scope chains ending in outer object * MFSA 2010-61/CVE-2010-2768 (bmo#579744) UTF-7 XSS by overriding document charset using type attribute * MFSA 2010-62/CVE-2010-2769 (bmo#520189) Copy-and-paste or drag-and-drop into designMode document allows XSS * MFSA 2010-63/CVE-2010-2764 (bmo#552090) Information leak via XMLHttpRequest statusText- disable crash reporter for non x86/x86_64 to make it build.- security update to 3.6.8 (bnc#622506) * MFSA 2010-48/CVE-2010-2755 (bmo#575836) Dangling pointer crash regression from plugin parameter array fix- security update to 3.6.7 (bnc#622506) * MFSA 2010-34/CVE-2010-1211/CVE-2010-1212 Miscellaneous memory safety hazards * MFSA 2010-35/CVE-2010-1208 (bmo#572986) DOM attribute cloning remote code execution vulnerability * MFSA 2010-36/CVE-2010-1209 (bmo#552110) Use-after-free error in NodeIterator * MFSA 2010-37/CVE-2010-1214 (bmo#572985) Plugin parameter EnsureCachedAttrParamArrays remote code execution vulnerability * MFSA 2010-38/CVE-2010-1215 (bmo#567069) Arbitrary code execution using SJOW and fast native function * MFSA 2010-39/CVE-2010-2752 (bmo#574059) nsCSSValue::Array index integer overflow * MFSA 2010-40/CVE-2010-2753 (bmo#571106) nsTreeSelection dangling pointer remote code execution vulnerability * MFSA 2010-41/CVE-2010-1205 (bmo#570451) Remote code execution using malformed PNG image * MFSA 2010-42/CVE-2010-1213 (bmo#568148) Cross-origin data disclosure via Web Workers and importScripts * MFSA 2010-43/CVE-2010-1207 (bmo#571287) Same-origin bypass using canvas context * MFSA 2010-44/CVE-2010-1210 (bmo#564679) Characters mapped to U+FFFD in 8 bit encodings cause subsequent character to vanish * MFSA 2010-45/CVE-2010-1206/CVE-2010-2751 (bmo#536466,556957) Multiple location bar spoofing vulnerabilities * MFSA 2010-46/CVE-2010-0654 (bmo#524223) Cross-domain data theft using CSS * MFSA 2010-47/CVE-2010-2754 (bmo#568564) Cross-origin data leakage from script filename in error messages- update to 3.6.6 release * modifies the crash protection feature to increase the amount of time that plugins are allowed to be non-responsive before being terminated.- update to final 3.6.4 release (bnc#603356) * MFSA 2010-26/CVE-2010-1200/CVE-2010-1201/CVE-2010-1202/ CVE-2010-1203 Crashes with evidence of memory corruption (rv:1.9.2.4) * MFSA 2010-28/CVE-2010-1198 (bmo#532246) Freed object reuse across plugin instances * MFSA 2010-29/CVE-2010-1196 (bmo#534666) Heap buffer overflow in nsGenericDOMDataNode::SetTextInternal * MFSA 2010-30/CVE-2010-1199 (bmo#554255) Integer Overflow in XSLT Node Sorting * MFSA 2010-31/CVE-2010-1125 (bmo#552255) focus() behavior can be used to inject or steal keystrokes * MFSA 2010-32/CVE-2010-1197 (bmo#537120) Content-Disposition: attachment ignored if Content-Type: multipart also present * MFSA 2010-33/CVE-2008-5913 (bmo#475585) User tracking across sites using Math.random()- update to 3.6.4(build6)- security update to 3.6.4 (Lorentz) * enable crashreporter also for x86-64 * Flash runs in a separate process to avoid crashing Firefox (ix86 only; x86-64 still uses nspluginwrapper)- security update to 3.6.3 * MFSA 2010-25/CVE-2010-1121 (bmo#555109) Re-use of freed object due to scope confusion- security update to version 3.6.2 (bnc#586567) * MFSA 2010-08/CVE-2010-1028 WOFF heap corruption due to integer overflow * MFSA 2010-09/CVE-2010-0164 (bmo#547143) Deleted frame reuse in multipart/x-mixed-replace image * MFSA 2010-10/CVE-2010-0170 (bmo#541530) XSS via plugins and unprotected Location object * MFSA 2010-11/CVE-2010-0165/CVE-2010-0166/CVE-2010-0167 Crashes with evidence of memory corruption * MFSA 2010-12/CVE-2010-0171 (bmo#531364) XSS using addEventListener and setTimeout on a wrapped object * MFSA 2010-13/CVE-2010-0168 (bmo#540642) Content policy bypass with image preloading * MFSA 2010-14/CVE-2010-0169 (bmo#535806) Browser chrome defacement via cached XUL stylesheets * MFSA 2010-15/CVE-2010-0172 (bmo#537862) Asynchronous Auth Prompt attaches to wrong window * MFSA 2010-16/CVE-2010-0173/CVE-2010-0174 Crashes with evidence of memory corruption * MFSA 2010-18/CVE-2010-0176 (bmo#538308) Dangling pointer vulnerability in nsTreeContentView * MFSA 2010-19/CVE-2010-0177 (bmo#538310) Dangling pointer vulnerability in nsPluginArray * MFSA 2010-20/CVE-2010-0178 (bmo#546909) Chrome privilege escalation via forced URL drag and drop * MFSA 2010-22/CVE-2009-3555 (bmo#545755) Update NSS to support TLS renegotiation indication * MFSA 2010-23/CVE-2010-0181 (bmo#452093) Image src redirect to mailto: URL opens email editor * MFSA 2010-24/CVE-2010-0182 (bmo#490790) XMLDocument::load() doesn't check nsIContentPolicy- update to 3.6rc2 (already named 3.6.0) - removed obsolete orbit-devel build requirement- major update to 3.6rc1- update to version 3.5.7 (bnc#568011) * DNS resolution in MakeSN of nsAuthSSPI causing issues for proxy servers that support NTLM auth (bmo#535193) - added missing lockdown preferences (bnc#567131)- readded firefox-ui-lockdown.patch (bnc#546158)- security update to version 3.5.6 (bnc#559807) * MFSA 2009-65/CVE-2009-3979/CVE-2009-3980/CVE-2009-3982 Crashes with evidence of memory corruption (rv:1.9.1.6) * MFSA 2009-66/CVE-2009-3388 (bmo#504843,bmo#523816) Memory safety fixes in liboggplay media library * MFSA 2009-67/CVE-2009-3389 (bmo#515882,bmo#504613) Integer overflow, crash in libtheora video library * MFSA 2009-68/CVE-2009-3983 (bmo#487872) NTLM reflection vulnerability * MFSA 2009-69/CVE-2009-3984/CVE-2009-3985 (bmo#521461,bmo#514232) Location bar spoofing vulnerabilities * MFSA 2009-70/VE-2009-3986 (bmo#522430) Privilege escalation via chrome window.opener - fixed firefox-browser-css.patch (bnc#561027)- rebased patches for fuzz=0- update to version 3.5.5 (bnc#553172)- security update to version 3.5.4 (bnc#545277) * MFSA 2009-52/CVE-2009-3370 (bmo#511615) Form history vulnerable to stealing * MFSA 2009-53/CVE-2009-3274 (bmo#514823) Local downloaded file tampering * MFSA 2009-54/CVE-2009-3371 (bmo#514554) Crash with recursive web-worker calls * MFSA 2009-55/CVE-2009-3372 (bmo#500644) Crash in proxy auto-configuration regexp parsing * MFSA 2009-56/CVE-2009-3373 (bmo#511689) Heap buffer overflow in GIF color map parser * MFSA 2009-57/CVE-2009-3374 (bmo#505988) Chrome privilege escalation in XPCVariant::VariantDataToJS() * MFSA 2009-59/CVE-2009-1563 (bmo#516396, bmo#516862) Heap buffer overflow in string to number conversion * MFSA 2009-61/CVE-2009-3375 (bmo#503226) Cross-origin data theft through document.getSelection() * MFSA 2009-62/CVE-2009-3376 (bmo#511521) Download filename spoofing with RTL override * MFSA 2009-63/CVE-2009-3377/CVE-2009-3379/CVE-2009-3378 Upgrade media libraries to fix memory safety bugs * MFSA 2009-64/CVE-2009-3380/CVE-2009-3381/CVE-2009-3383 Crashes with evidence of memory corruption - removed upstreamed patch * firefox-bug506901.patch- fix KDE button order in one more place (bnc#170055)- improve UI colors to be usable with dark themes at all (firefox-browser-css.patch) (bnc#503351) - extend list of supported architectures as ABI identifier (mozilla-abi.patch) (bnc#543460)- added KDE integration patch from llunak@novell.com (firefox-kde.patch) * support for knotify, making -kde4-addon obsolete * KDE-specific support functional (bnc#170055) - do not build libnkgnomevfs (bmo#512671) (firefox-no-gnomevfs)- security update to version 3.5.3 (bnc#534458) * MFSA 2009-47/CVE-2009-3069/CVE-2009-3070/CVE-2009-3071/ CVE-2009-3072/CVE-2009-3073/CVE-2009-3074/CVE-2009-3075 Crashes with evidence of memory corruption * MFSA 2009-49/CVE-2009-3077 (bmo#506871) TreeColumns dangling pointer vulnerability * MFSA 2009-50/CVE-2009-3078 (bmo#453827) Location bar spoofing via tall line-height Unicode characters * MFSA 2009-51/CVE-2009-3079 (bmo#454363) Chrome privilege escalation with FeedWriter- renamed patch firefox-contextmenu-gnome to firefox-cross-desktop as it contains more tweaks to handle non-Gnome environments and especially KDE integration: * added the ability to set the KDE default browser (still part of bnc#170055)- split -translations package into -common and -other (bnc#529180) - remove "set as background" from context menu if not running in Gnome (part of bnc#170055)- security update to version 3.5.2 * MFSA 2009-38/CVE-2009-2470 (bmo#459524) Data corruption with SOCKS5 reply containing DNS name longer than 15 characters * MFSA 2009-44/CVE-2009-2654 (bmo#451898) Location bar and SSL indicator spoofing via window.open() on invalid URL * MFSA 2009-45 Crashes with evidence of memory corruption * MFSA 2009-46 (bmo#498897) Chrome privilege escalation due to incorrectly cached wrapper * various other stability fixes - export MOZ_APP_LAUNCHER in the startscript (bmo#453689)- fixed %exclude usage - fixed preferences' advanced pane for fresh profiles (bmo#506901)- security update to version 3.5.1 * MFSA 2009-41 Corrupt JIT state after deep return from native function- added mozilla-linkorder.patch to fix build with --as-needed- update to final version 3.5 (20090623)- fixed build by linking to a real file- update to version 3.5rc2 (20090617) - BuildRequire mozilla-xulrunner191 = 1.9.1.0- update to version 3.5b99 (20090604) - BuildRequire mozilla-xulrunner191 = 1.9.1b99- fixed typos in improved xulrunner dependencies- use non-localized Downloads folder (bnc#501724)- update to new major version 3.5b4 * based on Gecko 1.9.1 (mozilla-xulrunner191) * Private Browsing Mode * TraceMonkey JavaScript engine * Geolocation support * native JSON and web worker threads support * speculative parsing for faster content rendering * Some HTML5 support - updated firefox.schemas - improved firefox-no-update.patch- security update to 3.0.10 * MFSA 2009-23/CVE-2009-1313 (bmo#489647) Crash in nsTextFrame::ClearTextRun()- security update to 3.0.9 (bnc#495473) * MFSA 2009-14/CVE-2009-1302/CVE-2009-1303/CVE-2009-1304/CVE-2009-1305 Crashes with evidence of memory corruption (rv:1.9.0.9) * MFSA 2009-15/CVE-2009-0652 (bmo#479336) URL spoofing with box drawing character * MFSA 2009-16/CVE-2009-1306 (bmo#474536) jar: scheme ignores the content-disposition: header on the inner URI * MFSA 2009-17/CVE-2009-1307 (bmo#481342) Same-origin violations when Adobe Flash loaded via view-source: scheme * MFSA 2009-18/CVE-2009-1308 (bmo#481558) XSS hazard using third-party stylesheets and XBL bindings * MFSA 2009-19/CVE-2009-1309 (bmo#482206,478433) Same-origin violations in XMLHttpRequest and XPCNativeWrapper.toString * MFSA 2009-20/CVE-2009-1310 (bmo#483086) Malicious search plugins can inject code into arbitrary sites * MFSA 2009-21/CVE-2009-1311 (bmo#471962) POST data sent to wrong site when saving web page with embedded frame * MFSA 2009-22/CVE-2009-1312 (bmo#475636) Firefox allows Refresh header to redirect to javascript: URIs- security update to 1.9.0.8 (bnc#488955,489411) * MFSA 2009-12/CVE-2009-1169 (bmo#460090,485217) Crash and remote code execution in XSL transformation * MFSA 2009-13/CVE-2009-1044 (bmo#484320) Arbitrary code execution via XUL tree moveToEdgeShift - allow RPM provides for stuff besides shared libraries (e.g. mime-types)- security update to 3.0.7 (bnc#478625) * MFSA 2009-07 - Crashes with evidence of memory corruption CVE-2009-0771 - Layout Engine Crashes CVE-2009-0772 - Layout Engine Crashes CVE-2009-0773 - crashes in the JavaScript engine CVE-2009-0774 - Layout Engine Crashes * MFSA 2009-08/CVE-2009-0775 - (bmo#474456) Mozilla Firefox XUL Linked Clones Double Free Vulnerability * MFSA 2009-09/CVE-2009-0776 (bmo#414540) XML data theft via RDFXMLDataSource and cross-domain redirect * MFSA 2009-10/CVE-2009-0040 (bmo#478901) Upgrade PNG library to fix memory safety hazards * MFSA 2009-11/CVE-2009-0777 (bmo#452979) URL spoofing with invisible control charactersbuild06 1329429939cccc3.53.6.27-1.13.6.27-1.1firefoxbrowserconfig.propertiesdefaultsbookmarks.html/usr/lib//usr/lib/firefox//usr/lib/firefox/defaults/profile/-fomit-frame-pointer -fmessage-length=0 -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector -funwind-tables -fasynchronous-unwind-tables -gobs://build.opensuse.org/mozilla/openSUSE_11.4/c9a0d5d35d981016071094227484d1d7-MozillaFirefoxcpiolzma5i586-suse-linux3>C @Npackageand(MozillaFirefox:branding-upstream)?`] c 0ϿlڭDpK|szKڛ38}3~ߎ46uaXn_ѩq~[a:wc )S:J']ci@gRZWm&.ƫUzNl,u 'kQ/ĝ?-_zƶXDt(6". X_Ťx)Ʊ)DۗkA?u(Jk'$4Fz^-bm k>C]V21\{dT:9Drwjz1tjZeV?$L(X ^0R €:Z!InWw\&@k^T╔Fƍ$ jp9Iw>} u|1D濲jŽOa뫨! V~hi%o%!9uRE\L:^$)H+Qy elj;Ur7;O7Z#MK ohoE V9LU}|葚Mc Z;$Cy 5.)xqB ;ׇ63z +ǼEXt~scӝ io!  ЕkV?̈́{Ƌ1+xKg:"zgN$窒 D), ɚR:DF^.{$ { +IA|m }DeO"q$_~_\&28+|o}< /HB!!I8JQ猤GUv" wI 0I}ynOf@SW7a.)+VfC~ 3湼f%~}L:slgqF#iw3@yݹl װ0IӕpY.E7xm@t~>A+#?# }p~`KV,{w8{ng=>XC# iȤͰ^ b3ׁ= \~FTbk(!cuo! G)SXO&κ6+IBHHHgZax.I)( nfcH^N ~XnSj.z""1~o݈K"yC%c,xBp*&Ku( oeDfL(#II xXDdjCl ]oo+jMC1⒆̓GN|*jL_e6n@7$V q{JL@s~[g|c_CfţRkpAł"&c̑ìSk1 YoMNΞr[W6mCnE\:Kڻ{--B^&8}W$  S$aW %n'{c6X>LւTt+z!)MiHw sAmX|J/}V}VpL0A9sV $&h `Js89|EV &>؈cȃ$m9BB8Fi~HV9HSͣZa9OG^i%瀡^ԋ$LV>Depn3I;_yWь=Q tf{[4TV* r'4DUx5DDWV_* ڌ^9:׽w;u$h10֑V2e>틒rH*!9=Bxڰl$ r_׫aR+[k3zp(pIjВ_*} @'0~cAt'F=:ue*#9IK`DUrjq)x"PԙEI+E޷G|] _Y 6R"Id|pIFV>.nt<[3Tf=./@Qx 7U~݁qi|l,YZ!c69Ay2QCS0vY_#b,2RRؑ Ѓ;J([CJ %^2?S՗C *6H<r k'jn񷪀ˍZʿbPBf6$B- "bhJ'Bit h X@f,wgqX6埍 B1WHTLv9ޡ@XA<3ʫvPNn95!FfyJPi