Linux Security

    Debian: DSA-1840-1: New xulrunner packages fix several vulnerabilities

    Date 23 Jul 2009
    Posted By LinuxSecurity Advisories
    Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications, such as the Iceweasel web browser. The Common Vulnerabilities and Exposures project identifies the following problems:
    - ------------------------------------------------------------------------
    Debian Security Advisory DSA-1840-1                  Steffen Joeris
    July 23, 2009               
    - ------------------------------------------------------------------------
    Package        : xulrunner                                                                                                                                      
    Vulnerability  : several vulnerabilities                                                                                                                        
    Problem type   : remote                                                                                                                                         
    Debian-specific: no                                                                                                                                             
    CVE IDs        : CVE-2009-2462 CVE-2009-2463 CVE-2009-2464 CVE-2009-2465                                                                                        
                     CVE-2009-2466 CVE-2009-2467 CVE-2009-2469 CVE-2009-2471                                                                                        
    Several remote vulnerabilities have been discovered in Xulrunner, a
    runtime environment for XUL applications, such as the Iceweasel web
    browser. The Common Vulnerabilities and Exposures project identifies the
    following problems:                                                     

    Martijn Wargers, Arno Renevier, Jesse Ruderman, Olli Pettay and Blake
    Kaplan discovered several issues in the browser engine that could
    potentially lead to the execution of arbitrary code. (MFSA 2009-34)

    monarch2020 reported an integer overflow in a base64 decoding function.
    (MFSA 2009-34)

    Christophe Charron reported a possibly exploitable crash occurring when
    multiple RDF files were loaded in a XUL tree element. (MFSA 2009-34)

    Yongqian Li reported that an unsafe memory condition could be created by
    a specially crafted document. (MFSA 2009-34)

    Peter Van der Beken, Mike Shaver, Jesse Ruderman, and Carsten Book
    discovered several issues in the JavaScript engine that could possibly
    lead to the execution of arbitrary JavaScript. (MFSA 2009-34)

    Attila Suszter discovered an issue related to a specially crafted Flash
    object, which could be used to run arbitrary code. (MFSA 2009-35)

    PenPal discovered that it is possible to execute arbitrary code via a
    specially crafted SVG element. (MFSA 2009-37)

    Blake Kaplan discovered a flaw in the JavaScript engine that might allow
    an attacker to execute arbitrary JavaScript with chrome privileges.
    (MFSA 2009-39)

    moz_bug_r_a4 discovered an issue in the JavaScript engine that could be
    used to perform cross-site scripting attacks. (MFSA 2009-40)

    For the stable distribution (lenny), these problems have been fixed in

    As indicated in the Etch release notes, security support for the
    Mozilla products in the oldstable distribution needed to be stopped
    before the end of the regular Etch security maintenance life cycle.
    You are strongly encouraged to upgrade to stable or switch to a still
    supported browser.

    For the testing distribution (squeeze), these problems will be fixed

    For the unstable distribution (sid), these problems have been fixed in

    We recommend that you upgrade your xulrunner packages.

    Upgrade instructions
    - --------------------
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
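
The manual path above (wget, then dpkg -i) installs whatever was downloaded. The shell functions below are an added example, not part of the Debian advisory: they check a file against the size and MD5 digest from an advisory "Size/MD5 checksum" line before installation. The function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the advisory). Function names are hypothetical.
# MD5 only catches truncated or corrupted downloads; it is not collision
# resistant, so authenticity rests on the advisory's PGP signature and on
# apt's signed Release files when installing through apt-get.

# parse_checksum_line LINE -> prints "SIZE MD5"; fails on a malformed line.
parse_checksum_line() {
    printf '%s\n' "$1" | sed -n \
      's/^[[:space:]]*Size\/MD5 checksum:[[:space:]]*\([0-9][0-9]*\)[[:space:]][[:space:]]*\([0-9a-f]\{32\}\)[[:space:]]*$/\1 \2/p' \
      | grep .
}

# verify_deb FILE LINE
#   returns 0 if FILE matches both size and MD5 from LINE,
#           1 on any mismatch,
#           2 if FILE is missing or LINE cannot be parsed.
verify_deb() {
    file=$1
    pair=$(parse_checksum_line "$2") || { echo "bad checksum line" >&2; return 2; }
    want_size=${pair% *}
    want_md5=${pair#* }
    [ -f "$file" ] || { echo "missing: $file" >&2; return 2; }
    have_size=$(wc -c < "$file" | tr -d ' ')
    have_md5=$(md5sum < "$file" | cut -d' ' -f1)
    if [ "$have_size" != "$want_size" ] || [ "$have_md5" != "$want_md5" ]; then
        echo "MISMATCH $file: size $have_size/$want_size md5 $have_md5/$want_md5" >&2
        return 1
    fi
    echo "OK $file"
}

# Constructed sample: a 6-byte stand-in file, not a real package.
demo=$(mktemp)
printf 'hello\n' > "$demo"
verify_deb "$demo" "    Size/MD5 checksum:        6 b1946ac92492d2347c6235b8d2611184"
rm -f "$demo"

# Install only after a clean result, for example:
#   verify_deb file.deb "$line" && dpkg -i file.deb
```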
    Debian GNU/Linux 5.0 alias lenny
    - --------------------------------
    Debian (stable)
    - ---------------
    Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
      These files will probably be moved into the stable distribution on
      its next update.
    - ---------------------------------------------------------------------------------
    For apt-get: deb stable/updates main
    For dpkg-ftp: dists/stable/updates/main
    Package info: `apt-cache show ' and
