Debian: DSA-1820-1 Critical: Xulrunner Remote Exploitation Issues
debian
June 19, 2009
Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications, such as the Iceweasel web browser
Topics Covered
Summary
CVE-2009-1392
Several issues in the browser engine have been discovered, which can
result in the execution of arbitrary code. (MFSA 2009-24)
CVE-2009-1832
It is possible to execute arbitrary code via vectors involving "double
frame construction." (MFSA 2009-24)
CVE-2009-1833
Jesse Ruderman and Adam Hauner discovered a problem in the JavaScript
engine, which could lead to the execution of arbitrary code.
(MFSA 2009-24)
CVE-2009-1834
Pavel Cvrcek discovered a potential issue leading to a spoofing attack
on the location bar related to certain invalid unicode characters.
(MFSA 2009-25)
CVE-2009-1835
Gregory Fleischer discovered that it is possible to read arbitrary
cookies via a crafted HTML document. (MFSA 2009-26)
CVE-2009-1836
Shuo Chen, Ziqing Mao, Yi-Min Wang and Ming Zhang reported a potential
man-in-the-middle attack...
PREVIOUS
NEXT
Severity
critical
Lowest
Low
Medium
High
Critical
Package: xulrunner
CVE IDs: CVE-2009-1392 CVE-2009-1832 CVE-2009-1833 CVE-2009-1834 CVE-2009-1835
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!