DSA-2106-2 xulrunner -- severalID: oval:org.secpod.oval:def:600019 | Date: (C)2011-01-28 (M)2022-10-10 |
Class: PATCH | Family: unix |
DSA-2106-1 introduced a regression that could lead to an application crash. This update fixes this problem. For reference, the text of the original advisory is provided below. Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications. The Common Vulnerabilities and Exposures project identifies the following problems: - - Implementation errors in XUL processing allow the execution of arbitrary code - - An implementation error in the XPCSafeJSObjectWrapper wrapper allows the bypass of the same origin policy - - An integer overflow in frame handling allows the execution of arbitrary code - - An implementation error in DOM handling allows the execution of arbitrary code - - Incorrect pointer handling in the plugin code allow the execution of arbitrary code - - Incorrect handling of an object tag may lead to the bypass of cross site scripting filters - - Incorrect copy and paste handling could lead to cross site scripting - - Crashes in the layout engine may lead to the execution of arbitrary code For the stable distribution , the problem has been fixed in version 1.9.0.19-5. The packages for the mips architecture are not included in this update. They will be released as soon as they become available. We recommend that you upgrade your xulrunner packages.