[Forgot Password]
Login  Register Subscribe

23631

 
 

122183

 
 

98060

 
 

909

 
 

79198

 
 

109

Paid content will be excluded from the download.


Download | Alert*
OVAL

DSA-1999-1 xulrunner -- several

ID: oval:org.secpod.oval:def:600159Date: (C)2011-01-28   (M)2017-11-27
Class: PATCHFamily: unix




Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications, such as the Iceweasel web browser. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-1571 Alin Rad Pop discovered that incorrect memory handling in the HTML parser could lead to the execution of arbitrary code. CVE-2009-3988 Hidetake Jo discovered that the same-origin policy can be bypassed through window.dialogArguments. CVE-2010-0159 Henri Sivonen, Boris Zbarsky, Zack Weinberg, Bob Clary, Martijn Wargers and Paul Nickerson reported crashes in layout engine, which might allow the execution of arbitrary code. CVE-2010-0160 Orlando Barrera II discovered that incorrect memory handling in the implementation of the web worker API could lead to the execution of arbitrary code. CVE-2010-0162 Georgi Guninski discovered that the same origin policy can be bypassed through specially crafted SVG documents. For the stable distribution , these problems have been fixed in version 1.9.0.18-1. For the unstable distribution , these problems have been fixed in version 1.9.1.8-1. We recommend that you upgrade your xulrunner packages.

Platform:
Debian 5.0
Product:
xulrunner
Reference:
DSA-1999-1
CVE-2009-1571
CVE-2009-3988
CVE-2010-0159
CVE-2010-0160
CVE-2010-0162
CVE    5
CVE-2009-1571
CVE-2010-0162
CVE-2010-0160
CVE-2010-0159
...
CPE    1
cpe:/o:debian:debian_linux:5.x

© 2013 SecPod Technologies