Linux Security
    Linux Security
    Linux Security

    Debian: DSA-1885-1: New xulrunner packages fix several vulnerabilities

    Date 14 Sep 2009
    Posted By LinuxSecurity Advisories
    Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications, such as the Iceweasel web browser. The Common Vulnerabilities and Exposures project identifies the following problems:
    Hash: SHA1
    - ------------------------------------------------------------------------
    Debian Security Advisory DSA-1885-1                  This email address is being protected from spambots. You need JavaScript enabled to view it.                       Moritz Muehlenhoff
    September 14, 2009          
    - ------------------------------------------------------------------------
    Package        : xulrunner
    Vulnerability  : several
    Problem type   : remote
    Debian-specific: no
    CVE Id(s)      : CVE-2009-3070 CVE-2009-3071 CVE-2009-3072 CVE-2009-3074 CVE-2009-3075 CVE-2009-3076 CVE-2009-3077 CVE-2009-3078
    Several remote vulnerabilities have been discovered in Xulrunner, a
    runtime environment for XUL applications, such as the Iceweasel web
    browser. The Common Vulnerabilities and Exposures project identifies
    the following problems:
        Jesse Ruderman discovered crashes in the layout engine, which
        might allow the execution of arbitrary code.
        Daniel Holbert, Jesse Ruderman, Olli Pettay and "toshi" discovered
        crashes in the layout engine, which might allow the execution of
        arbitrary code.
        Josh Soref, Jesse Ruderman and Martin Wargers discovered crashes
        in the layout engine, which might allow the execution of arbitrary
        Jesse Ruderman discovered a crash in the Javascript engine, which
        might allow the execution of arbitrary code.
        Carsten Book and "Taral" discovered crashes in the layout engine,
        which might allow the execution of arbitrary code.
        Jesse Ruderman discovered that the user interface for installing/
        removing PCKS #11 securiy modules wasn't informative enough, which
        might allow social engineering attacks.
        It was discovered that incorrect pointer handling in the XUL parser
        could lead to the execution of arbitrary code.
        Juan Pablo Lopez Yacubian discovered that incorrent rendering of
        some Unicode font characters could lead to spoofing attacks on
        the location bar.
    For the stable distribution (lenny), these problems have been fixed
    in version
    As indicated in the Etch release notes, security support for the
    Mozilla products in the oldstable distribution needed to be stopped
    before the end of the regular Etch security maintenance life cycle.
    You are strongly encouraged to upgrade to stable or switch to a still
    supported browser.
    For the unstable distribution (sid), these problems have been fixed in
    For the experimental distribution, these problems have been fixed in
    We recommend that you upgrade your xulrunner package.
    Upgrade instructions
    - --------------------
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    Debian GNU/Linux 5.0 alias lenny
    - --------------------------------
    Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
    Source archives:
        Size/MD5 checksum: 44131944 c7e120fb285ad462875f11f8071da424
        Size/MD5 checksum:     1779 b631f42a41844e224e6275d98dd44bf2
        Size/MD5 checksum:   115910 4d0bc123fd05c050c5b834c6f39f8e4a
    Architecture independent packages:
        Size/MD5 checksum:  1464198 f481e96692d78859d3a6a65721545d99
    alpha architecture (DEC Alpha)
        Size/MD5 checksum:  3355164 c636eea6a110a24a559bb28c20a2e8eb
        Size/MD5 checksum:   113034 1b5c67690491fc0e331c98e05fb87051
        Size/MD5 checksum: 51088250 aa180bd2cdfbf897f2e0ac3560a8cc40
        Size/MD5 checksum:    71840 a07593d426877325cd152a263f51f2b4
        Size/MD5 checksum:   165048 43c19aa5d7b0156cf589ed0b6e993910
        Size/MD5 checksum:  9474266 7040f15c20c7f9877c52cee0886e8975
        Size/MD5 checksum:   432138 04c093d247605393270b1786dee74d76
        Size/MD5 checksum:   222980 b000fbdb6e42e72fabbed576ddde1fd8
        Size/MD5 checksum:   938160 f09c9e399d94112f1bdb08251f820637
    amd64 architecture (AMD x86_64 (AMD64))
        Size/MD5 checksum: 50314830 1d688fe8ca224e126741c2632f906779
        Size/MD5 checksum:   890198 8ae5be9340022f9a52a72058db06565c
        Size/MD5 checksum:   374060 e421c0e41faa8ae2c7e98da9dd330390
        Size/MD5 checksum:   151848 9992e81b9bb4511245bf9fdea82e05d9
        Size/MD5 checksum:  7719362 4e70af1c7e7b994e1904a9ce6de9d63f
        Size/MD5 checksum:  3287848 db7d11e081cf253a06b6c4aebda7e7fa
        Size/MD5 checksum:   101396 abfc7c66503aa955a554f87d1cc31a00
        Size/MD5 checksum:   222804 a5925bf4416b60554624f6faca7165c2
        Size/MD5 checksum:    69480 f9890fb3a4c7f7488448a16b897006a6
    arm architecture (ARM)
        Size/MD5 checksum:  3582256 0aeec5e5aa15ac81d0810f37759f2ac2
        Size/MD5 checksum:   141456 8ead3ffd703c001d5da598b05369509a
        Size/MD5 checksum:   351328 8edb0076558de116e59bce4d53c43485
        Size/MD5 checksum:    83794 3b318506616359e299c4efb7e8d31dfd
        Size/MD5 checksum: 49287874 4f2c2b6f77e3aeeea3eedac0f26ec224
        Size/MD5 checksum:   817428 0db6e1fa17e9088886739b432d2e73c0
        Size/MD5 checksum:  6801224 9c5d3af878cffb9bfe903383b8b9f20d
        Size/MD5 checksum:   223446 5928759de2e32069c14aa05dc46602a0
        Size/MD5 checksum:    67658 fa48433d66cb42c4e6726f038c62c1a0
    armel architecture (ARM EABI)
        Size/MD5 checksum:    84342 cc0d0076e7e383b65276d5cc3fea64e0
        Size/MD5 checksum: 50113678 0428a193aeb3286b3a18a84ec0df22cd
        Size/MD5 checksum:   222896 2ec8b19e4ccc3aeafb5293ee105f3c72
        Size/MD5 checksum:  6952412 4faf92e90a35add856add0d55e24247c
        Size/MD5 checksum:  3581338 900680bf90496e6b629fcf4661141e24
        Size/MD5 checksum:   142084 8d20051e3e44e188362058a166afc17b
        Size/MD5 checksum:   822616 7dda7683f3a759827d27904302f51633
        Size/MD5 checksum:    70028 4f4a5afe56e64d8e58e0710e8718e0b5
        Size/MD5 checksum:   352848 2a54bc0d8f8396c7d364036e3c21d7fe
    hppa architecture (HP PA RISC)
        Size/MD5 checksum:   222658 ae20de5a031c73ef5234412924f4d122
        Size/MD5 checksum:    70926 f5c8b6e13884aa3d6e54beaa160b5e69
        Size/MD5 checksum:  3621796 1b3cdd7b471165d91de542ca9d6f6818
        Size/MD5 checksum:   899074 14eee8cafa79a2669f237f68a4490ab2
        Size/MD5 checksum:   158714 d72145d9d250480f50c6a34c1b226a9c
        Size/MD5 checksum:   411858 8fa7776fbe42288798772ad9c6865d73
        Size/MD5 checksum:  9509300 a2f1d428c79097427e47144e1517bc6b
        Size/MD5 checksum: 51216664 03b2c00ec18105f4ed0d964b7143efea
        Size/MD5 checksum:   105784 af1957ace5bc375d4a39dd786b7339df
    i386 architecture (Intel ia32)
        Size/MD5 checksum:   223028 83e00a431b1a4f5d31dffadef7e83f10
        Size/MD5 checksum: 49486814 96f1f06b3bc1543dfcdf61b4e54b0c05
        Size/MD5 checksum:  6599026 33395a7c0ee2fdabb9a07c1391e34d7e
        Size/MD5 checksum:   141218 916bccbcbb50d6c612a9299a825b6e8c
        Size/MD5 checksum:  3565372 abcc7e20936c0d51ea386c9efbe852a2
        Size/MD5 checksum:    67726 d6716afbabd2435ee21e6c43d0ec20e0
        Size/MD5 checksum:   350530 b1cd89ff27628cd9e4c9279611058de3
        Size/MD5 checksum:    79026 530abad05745cb83691b9cadd3268650
        Size/MD5 checksum:   851760 4117d0b11e7da763a9c42b273957a8e1
    ia64 architecture (Intel ia64)
        Size/MD5 checksum:   180072 2965ea4fab28d4e6e05736f16688283f
        Size/MD5 checksum:   121412 b9567f044addb022276fa30f48df66d5
        Size/MD5 checksum:    75960 36770c3abacba591152705a3a16fb7f2
        Size/MD5 checksum:   542344 542ff921e6972f1317243763f8701cf2
        Size/MD5 checksum:   222972 c4bf3da9ee568b02f0c526ed52ddb621
        Size/MD5 checksum:  3397448 95b72f953a11e85938dc19f11a5552b5
        Size/MD5 checksum:   811296 9957cb1be0f2e40373137e1c73c0feba
        Size/MD5 checksum: 49660620 80bcfa4a6dfa3f6c9258a472cd091841
        Size/MD5 checksum: 11293604 02a44cd4f6362f4c2affe333085db642
    mips architecture (MIPS (Big Endian))
        Size/MD5 checksum:   918460 e71627d8bc8b842b8fb5c49fe906b10c
        Size/MD5 checksum:   144550 8aceb89c2bb57fce2bb7c4780139a831
        Size/MD5 checksum:  3613906 cb65b1677ddbe35d642538e4359a89c2
        Size/MD5 checksum:   380038 5f6c71b3c75b3ffb3bf548493a7a3e77
        Size/MD5 checksum: 51845954 aafffc8f4d3f0befa5d23f7bd48bc7a9
        Size/MD5 checksum:  7666426 b6db9a3cf583ce8738e5f672013db783
        Size/MD5 checksum:    96990 f5be39c2917379538fc7eff2bd826fa5
        Size/MD5 checksum:    69758 8c4503912b1234d425d4c210c94a641d
        Size/MD5 checksum:   222844 eed0374a159c65cab6a525fe3a886a45
    mipsel architecture (MIPS (Little Endian))
        Size/MD5 checksum:   222990 400d2f2fab1f543f886d2822922ca066
        Size/MD5 checksum:  3308516 62eea3a21d46e222de221161d605a0cb
        Size/MD5 checksum:   900122 1a13cc03a612b57c817eb719669f19a2
        Size/MD5 checksum:    96652 76be238480fbe43a293c1d04cfdff562
        Size/MD5 checksum:   378256 f4c76e7fccccacd3602e29c10ca3053b
        Size/MD5 checksum:   144852 0d6ae94029df3fd40156adf51ce7f955
        Size/MD5 checksum: 49954556 0c590e78df0dec1d7702580acae036db
        Size/MD5 checksum:    69442 2846e16702b490e688654c8c7d97a1b1
        Size/MD5 checksum:  7373384 8ae3d035bcd7db6179032317ee9727d9
    powerpc architecture (PowerPC)
        Size/MD5 checksum:  7273174 63e259be771285b5903eee6a9e46808d
        Size/MD5 checksum:   888040 5e7aa8a8b71175d110d6276417ca6de9
        Size/MD5 checksum:    72614 2680638191568af9db86b90a0bd5d65a
        Size/MD5 checksum:   222988 3e01050950f5211909eedfd5a3fdbc57
        Size/MD5 checksum:   362272 e413ee1f5fc5fc6b662206e90e20ecea
        Size/MD5 checksum:  3283550 9ddd02ca245cb238af224a783b187dd0
        Size/MD5 checksum:   152152 e9f8a203b4f5c179488c7fcc48a4f159
        Size/MD5 checksum: 51375668 13b67f7977c02edfd9f7cada9211a03a
        Size/MD5 checksum:    94668 3e57daa683ee6e9c6192d21362cdcc47
    s390 architecture (IBM S/390)
        Size/MD5 checksum:  8385396 9e4ee200b94a9272bf7d7f7c02a8fcfb
        Size/MD5 checksum:   155974 79ce6b13ff693d89c035c22e9b47415c
        Size/MD5 checksum:    72436 0bc00d0903bb3ab2a12e4d6b73df12ba
        Size/MD5 checksum:   909340 43abdc0a8378da428d2766744a2925ee
        Size/MD5 checksum:   105440 c3dc9df5c94adfd321566218372bd215
        Size/MD5 checksum:  3306176 1750a3b7fdbfaea32088f0e121696890
        Size/MD5 checksum:   406450 a156419fbc10fe9a80bb6bdc9f5b21d8
        Size/MD5 checksum:   222972 f60411f392972a41935a63e3ccadc200
        Size/MD5 checksum: 51167634 9bafa37705a403cb8d191a1e67fd5584
    sparc architecture (Sun SPARC/UltraSPARC)
        Size/MD5 checksum:    87404 2644f1d0eebe3617c471af2474694739
        Size/MD5 checksum:   349672 c7e48fb5a90a85f500fcd00a46818b31
        Size/MD5 checksum: 49354316 eabbf181f077d18af5b2654b3dfbb1a7
        Size/MD5 checksum:  3577516 76dab7138191af6243e7a92eaab9dec7
        Size/MD5 checksum:    68836 7e97dced96a0dd7d3e5a6301ec17b886
        Size/MD5 checksum:   821850 15725131230c58d12c9f1b5256b1f846
        Size/MD5 checksum:   221754 222bcd65c5978e1bd0c620e3bd422c4b
        Size/MD5 checksum:   141768 d1dd18f647039023c5c448161d9ad268
        Size/MD5 checksum:  7167176 70fe08866c7ed5fa22332771756da8f4
      These files will probably be moved into the stable distribution on
      its next update.
    - ---------------------------------------------------------------------------------
    For apt-get: deb stable/updates main
    For dpkg-ftp: dists/stable/updates/main
    Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.
    Package info: `apt-cache show ' and

    LinuxSecurity Poll

    'Tis the season of giving! How have you given back to the open-source community?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    [{"id":"171","title":"I've contributed to the development of an open-source project.","votes":"11","type":"x","order":"1","pct":34.38,"resources":[]},{"id":"172","title":"I've reviewed open-source code for security bugs.","votes":"6","type":"x","order":"2","pct":18.75,"resources":[]},{"id":"173","title":"I've made a donation to an open-source project.","votes":"15","type":"x","order":"3","pct":46.88,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350

    Please vote first in order to view vote results.


    bottom 200

    Please enable / Bitte aktiviere JavaScript!
    Veuillez activer / Por favor activa el Javascript![ ? ]

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.