Linux Security

Debian: DSA-1751-1: New xulrunner packages fix several vulnerabilities

Date 22 Mar 2009
Posted By LinuxSecurity Advisories
Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications, such as the Iceweasel web browser. The Common Vulnerabilities and Exposures project identifies the following problems:

------------------------------------------------------------------------
Debian Security Advisory DSA-1751-1                   Moritz Muehlenhoff
March 22, 2009
------------------------------------------------------------------------

Package        : xulrunner
Vulnerability  : several
Problem-Type   : remote
Debian-specific: no
CVE ID         : CVE-2009-0771 CVE-2009-0772 CVE-2009-0773 CVE-2009-0774 CVE-2009-0775 CVE-2009-0776

Several remote vulnerabilities have been discovered in Xulrunner, a 
runtime environment for XUL applications, such as the Iceweasel web
browser. The Common Vulnerabilities and Exposures project identifies
the following problems:


    Martijn Wargers, Jesse Ruderman and Josh Soref discovered crashes
    in the layout engine, which might allow the execution of arbitrary


    Jesse Ruderman discovered crashes in the layout engine, which
    might allow the execution of arbitrary code.


    Gary Kwong and Timothee Groleau discovered crashes in the
    JavaScript engine, which might allow the execution of arbitrary code.


    Gary Kwong discovered crashes in the JavaScript engine, which
    might allow the execution of arbitrary code.


    It was discovered that incorrect memory management in the DOM
    element handling may lead to the execution of arbitrary code.


    Georgi Guninski discovered a violation of the same-origin policy
    through RDFXMLDataSource and cross-domain redirects.

For the stable distribution (lenny), these problems have been fixed
in version

As indicated in the Etch release notes, security support for the
Mozilla products in the oldstable distribution needed to be stopped
before the end of the regular Etch security maintenance life cycle.
You are strongly encouraged to upgrade to stable or switch to a still
supported browser.

For the unstable distribution (sid), these problems have been fixed in

We recommend that you upgrade your xulrunner packages.

Upgrade instructions
--------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian (stable)
---------------

Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.


  These files will probably be moved into the stable distribution on
  its next update.

---------------------------------------------------------------------------------
For apt-get: deb stable/updates main
For dpkg-ftp: dists/stable/updates/main
Package info: `apt-cache show ' and
