Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 569
Alerts This Week
Warning Icon 1 569

Debian Etch DSA-1704-1 Moderate: Xulrunner Remote Exploit Advisory

debian
Calendar Grey January 14, 2009
Scroller Debian
Revise xulrunner installations to mitigate external vulnerabilities. A series of adjustments aimed at boosting Ubuntu resilience and safety are part of this update.
Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications

Summary

Several remote vulnerabilities have been discovered in Xulrunner, a
runtime environment for XUL applications. The Common Vulnerabilities and
Exposures project identifies the following problems:

CVE-2008-5500

Jesse Ruderman discovered that the layout engine is vulnerable to
DoS attacks that might trigger memory corruption and an integer
overflow. (MFSA 2008-60)

CVE-2008-5503

Boris Zbarsky discovered that an information disclosure attack could
be performed via XBL bindings. (MFSA 2008-61)

CVE-2008-5506

Marius Schilder discovered that it is possible to obtain sensible
data via a XMLHttpRequest. (MFSA 2008-64)

CVE-2008-5507

Chris Evans discovered that it is possible to obtain sensible data
via a JavaScript URL. (MFSA 2008-65)

CVE-2008-5508

Chip Salzenberg discovered possible phishing attacks via URLs with
leading whitespaces or control characters. (MFSA 2008-66)

CVE-2008-5511

It was discovered that it is possible to perform cross-site scripting
attacks via an XBL bind...

Read the Full Advisory

Package: xulrunner
CVE ID: CVE-2008-5500 CVE-2008-5503 CVE-2008-5506 CVE-2008-5507 CVE-2008-5508 CVE-2008-5511 CVE-2008-5512

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.