Linux Security
Linux Security
Linux Security

Debian: DSA-1756-1: New xulrunner packages fix multiple vulnerabilities

Date 29 Mar 2009
Posted By LinuxSecurity Advisories
Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications, such as the Iceweasel web browser. The Common Vulnerabilities and Exposures project identifies the following problems:

- ------------------------------------------------------------------------
Debian Security Advisory DSA-1756-1                This email address is being protected from spambots. You need JavaScript enabled to view it.                         Noah Meyerhans
March 29, 2009            
- ------------------------------------------------------------------------

Package        : xulrunner
Vulnerability  : multiple
Problem type   : remote
Debian-specific: no
CVE Id(s)      : CVE-2009-1169 CVE-2009-1044

Several remote vulnerabilities have been discovered in Xulrunner, a
runtime environment for XUL applications, such as the Iceweasel web
browser. The Common Vulnerabilities and Exposures project identifies
the following problems:


    Security researcher Guido Landi discovered that a XSL stylesheet could
    be used to crash the browser during a XSL transformation. An attacker
    could potentially use this crash to run arbitrary code on a victim's


    Security researcher Nils reported via TippingPoint's Zero Day Initiative
    that the XUL tree method _moveToEdgeShift was in some cases triggering
    garbage collection routines on objects which were still in use. In such
    cases, the browser would crash when attempting to access a previously
    destroyed object and this crash could be used by an attacker to run
    arbitrary code on a victim's computer.

Note that after installing these updates, you will need to restart any
packages using xulrunner, typically iceweasel or epiphany.

For the stable distribution (lenny), these problems have been fixed in version

As indicated in the Etch release notes, security support for the
Mozilla products in the oldstable distribution needed to be stopped
before the end of the regular Etch security maintenance life cycle.
You are strongly encouraged to upgrade to stable or switch to a still
supported browser.

For the unstable distribution (sid), these problems have been fixed in

We recommend that you upgrade your xulrunner package.

Upgrade instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 4.0 alias etch
- -------------------------------

Debian GNU/Linux 5.0 alias lenny
- --------------------------------

Debian (stable)
- ---------------

Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.

Source archives:
    Size/MD5 checksum:     1777 be107e8cce28d09395d6c2b0e2880e0b
    Size/MD5 checksum: 43683292 f49b66c10e021debdfd9cd3705847d9b
    Size/MD5 checksum:   115665 4886b961a24c13d9017e8f261b7a4ad4

Architecture independent packages:
    Size/MD5 checksum:  1480030 c12b4d6d534c0f12ec8e19760ca52a9b

amd64 architecture (AMD x86_64 (AMD64))
    Size/MD5 checksum:    69048 cbcfc3f9addacdd2a6641980876910f1
    Size/MD5 checksum:  7725982 c5075bc0634cb5b2cfc8b64649f9511e
    Size/MD5 checksum:  3587626 1ce3de601c764c9bfb0c3998566f2baa
    Size/MD5 checksum:   887434 d373f8ed294bc6184a188bc820e04d6b
    Size/MD5 checksum:   220394 8ac87390e12115281d335b8773fb5733
    Size/MD5 checksum:   152152 76761d21f53d017af1ff349e528664ea
    Size/MD5 checksum:   372048 ba88e43241ab33621169f2e352bdf634
    Size/MD5 checksum: 50084206 d44a3028e5049f2b8051a5f6ed632fe6
    Size/MD5 checksum:   100434 d20e7c595e15ca0831d62d13d19c9d25

arm architecture (ARM)
    Size/MD5 checksum:   814182 2fe30b4c614a8dad20d6daa5e8156193
    Size/MD5 checksum:    83324 b2b5e1e0850ceb17bf60471435a751f8
    Size/MD5 checksum:  6786494 017302b5a56bdd55d3d1ffe18bd61832
    Size/MD5 checksum: 49032638 2343b97ac1a895a00c65d7c7d4854bf3
    Size/MD5 checksum:    67078 5891e17e7a7abe4b9b3ff3b06d1c5bf8
    Size/MD5 checksum:   348306 7cacc5c36e3139afa7e93cce23e55bdc
    Size/MD5 checksum:   141074 ddfcdb101f24b626caede43f36667ebb
    Size/MD5 checksum:   222552 099c35e0a9fc845e12d97e05dc5cefbe
    Size/MD5 checksum:  3577622 a45883aa5a860e9ceaccd1507b1e2b4d

hppa architecture (HP PA RISC)
    Size/MD5 checksum:   106132 b21e7b60ef507b75d4e75cecf01507b4
    Size/MD5 checksum:   409632 8ad83b2450a8224287708d08fb0e3349
    Size/MD5 checksum:   222406 cc644de6ffb2987c4d3290760d851c3f
    Size/MD5 checksum: 50959494 30e6201361ab450cce9c1ae5767b7d00
    Size/MD5 checksum:   900224 98b504ea16f93598810cff8dd753c7cc
    Size/MD5 checksum:  3625060 bb06476c2dfef959c573a67f910f500a
    Size/MD5 checksum:    71008 d61063712c37cfde51b3944f1dbd311f
    Size/MD5 checksum:   157864 c9b9587d5b0582b35a1ccff76445f13f
    Size/MD5 checksum:  9487824 ebcb840996d1d69d6836e6d1aec2f81d

i386 architecture (Intel ia32)
    Size/MD5 checksum:  6581370 480961b3e126e36c1d4087df2c2fb6d9
    Size/MD5 checksum:   141498 729642753ad2a51d17983b3583f740b6
    Size/MD5 checksum:  3572938 f0bf3224b2c681417ba6dd8dcac5f96d
    Size/MD5 checksum:   846308 06e3b0690f2f3a868375f4d58a7b8614
    Size/MD5 checksum:   348812 acc2f219abb68286432720315861ed53
    Size/MD5 checksum:    82002 77b4ffe73322bf5ead4bc24ee3fc76d2
    Size/MD5 checksum:   222556 85fee1ce9133cb7ab9ce99f62b70e447
    Size/MD5 checksum:    67810 0eb6b02984351fa3bf02640d7ff1d4e6
    Size/MD5 checksum: 49248242 64fb21f6c3a2411743222fc26e304b76

ia64 architecture (Intel ia64)
    Size/MD5 checksum: 49419026 7cb040fbbef113cd5c8a1c5c443df6fd
    Size/MD5 checksum:   179458 82249a7cb150fce22af5f5681d3164fe
    Size/MD5 checksum: 11270206 be3c0b80f22210fa2a53236cbde9ceb9
    Size/MD5 checksum:   538492 e75c766e0666c1604805f8c4c97cc256
    Size/MD5 checksum:    75446 94f2c55150101f7a5811c9429364bd1b
    Size/MD5 checksum:   222198 62ba8960b8326d21523dc7c76cc1f9d8
    Size/MD5 checksum:   808982 3038817adea449b7715164cad73a5f16
    Size/MD5 checksum:  3391518 26decf00e4fb05e3dbfc61c9dd933f5b
    Size/MD5 checksum:   120932 e3af6d0b86f8d21a9fbb43986a5c79b3

mips architecture (MIPS (Big Endian))
    Size/MD5 checksum:   914808 749779b5620ceffb2845ac170699a866
    Size/MD5 checksum:   221900 63c93f91cf4ee34e307bd06c5675c460
    Size/MD5 checksum:   377372 1c527a4b63e3eb729124f54764261310
    Size/MD5 checksum: 51596012 c6b8d6fed635039a75e553a59164b0de
    Size/MD5 checksum:  7652050 4464324acfeaf2019722f4bddc980a64
    Size/MD5 checksum:   144160 3217dab8582a83c2e8db5ed0a2894c9a
    Size/MD5 checksum:    69328 7d17be8a925e42469ce3d46009eb0437
    Size/MD5 checksum:  3607854 683f1204c14aa14f72927e2babf2afc2
    Size/MD5 checksum:    96506 95148e457d3a554935ae2771553378d8

mipsel architecture (MIPS (Little Endian))
    Size/MD5 checksum:   896502 7293da4f42af7c5faadaff3d00e024ad
    Size/MD5 checksum:   222202 8ab7c65e1b6e67481b885951bf7b06ee
    Size/MD5 checksum:    96170 02b28ff5c4af5b3c5ab241e6ada57895
    Size/MD5 checksum:   144424 34f4f9236099f217f309dd3404cd32fc
    Size/MD5 checksum:   375064 c324513cb22e6bf942308fec5d6ffc44
    Size/MD5 checksum:  3303026 c9f09e3ac15cea9522e16d7606832417
    Size/MD5 checksum:  7359744 20955f26918492c6060f5196608cecca
    Size/MD5 checksum:    68948 e564d5ad298fa7f2eb43c3d142421b23
    Size/MD5 checksum: 49718170 f305c87d9f9f0a4bb25c782fbca0e553

powerpc architecture (PowerPC)
    Size/MD5 checksum: 51145940 d4450ede3188d085537b34912a130fc8
    Size/MD5 checksum:   222214 a193661cfee9a9baf937e51fa8927852
    Size/MD5 checksum:  7259520 7a5a2eb42cf43a3859c886f6604e7bb0
    Size/MD5 checksum:    94176 0f27b080d4ef6e907e97926d9bde09d8
    Size/MD5 checksum:   151634 eb3b55bb033dd21e3a395b5455fed3a3
    Size/MD5 checksum:    72114 856bcc9a079008a00f502c037f7e075b
    Size/MD5 checksum:  3278706 141fbb356a9b0ee7ddee52b32b250021
    Size/MD5 checksum:   359602 e678dd18f6fac0aad286a5d455e6d84f
    Size/MD5 checksum:   885062 6682354b8d0e8f25e6897bcfee801579

s390 architecture (IBM S/390)
    Size/MD5 checksum: 50926930 5066e277c6bb2f1435cd92ba4c09dc8f
    Size/MD5 checksum:   222190 c62253da00b92ab339f524ef6d525767
    Size/MD5 checksum:   404064 4f0c71caf3242ca9f1878ac6df71b414
    Size/MD5 checksum:   104972 ecefd67cf04623d0bd9deb66645ece52
    Size/MD5 checksum:   155536 33869ff68336fde0594bb45661f85c03
    Size/MD5 checksum:  3300930 9cf7bde0ab1e0c507566a88fd2a6562f
    Size/MD5 checksum:   906248 a03086436351f5085905acd1d4084f40
    Size/MD5 checksum:  8371150 b731e930186033123c928eeb52c186ba
    Size/MD5 checksum:    71936 426ddd3166525fdf235448bddcba413b

sparc architecture (Sun SPARC/UltraSPARC)
    Size/MD5 checksum:    68258 8c14ad467b7a590f0262ad0636b7a90b
    Size/MD5 checksum:    87020 d7241f5f6ae1a92e9bfe819955c42b88
    Size/MD5 checksum:  3571244 a50b84de8fe3f268e33882b5b325945d
    Size/MD5 checksum:   817342 554bd07b8f90071d36ac57c01c24b6a9
    Size/MD5 checksum:   220812 1edcd284a1520e8fdfdf68f015dd2211
    Size/MD5 checksum:  7152698 d33c5b929d5d98a02f0ce021b5bb1531
    Size/MD5 checksum:   346378 e617288c62da4165ed5230adbc9d7890
    Size/MD5 checksum:   141340 606be0ab05095515bbb3070d7543e1ca
    Size/MD5 checksum: 49112986 1c799dc5e9059379adadf2380bf5d0e2

  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb stable/updates main
For dpkg-ftp: dists/stable/updates/main
Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.
Package info: `apt-cache show ' and


LinuxSecurity Poll

How frequently do you patch/update your system?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum 0 answer(s) and maximum 3 answer(s).
[{"id":"179","title":"As soon as patches\/updates are released - I track advisories for my distro(s) diligently","votes":"50","type":"x","order":"1","pct":80.65,"resources":[]},{"id":"180","title":"Every so often, when I think of it","votes":"7","type":"x","order":"2","pct":11.29,"resources":[]},{"id":"181","title":"Hardly ever","votes":"5","type":"x","order":"3","pct":8.06,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350

Please vote first in order to view vote results.



bottom 200

Please enable / Bitte aktiviere JavaScript!
Veuillez activer / Por favor activa el Javascript![ ? ]

We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.