Debian: DSA-1797-1 Urgent: Remote Xulrunner Threats Require Upgrade
debian
May 9, 2009
Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications, such as the Iceweasel web browser
Topics Covered
Summary
Several remote vulnerabilities have been discovered in Xulrunner, a
runtime environment for XUL applications, such as the Iceweasel web
browser. The Common Vulnerabilities and Exposures project identifies
the following problems:
CVE-2009-0652
Moxie Marlinspike discovered that Unicode box drawing characters inside of
internationalised domain names could be used for phishing attacks.
CVE-2009-1302
Olli Pettay, Martijn Wargers, Mats Palmgren, Oleg Romashin, Jesse Ruderman
and Gary Kwong reported crashes in the in the layout engine, which might
allow the execution of arbitrary code.
CVE-2009-1303
Olli Pettay, Martijn Wargers, Mats Palmgren, Oleg Romashin, Jesse Ruderman
and Gary Kwong reported crashes in the in the layout engine, which might
allow the execution of arbitrary code.
CVE-2009-1304
Igor Bukanov and Bob Clary discovered crashes in the Javascript engine,
which might allow the execution of arbitrary code.
CVE-2009-1305
Igor Bukanov and Bob Clary discov...
PREVIOUS
NEXT
Severity
critical
Lowest
Low
Medium
High
Critical
Package: xulrunner
CVE ID: CVE-2009-0652 CVE-2009-1302 CVE-2009-1303 CVE-2009-1304 CVE-2009-1305 CVE-2009-1306 CVE-2009-1307 CVE-2009-1308 CVE-2009-1309 CVE-2009-1311
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!