Linux Security

Debian: DSA-1885-1: New xulrunner packages fix several vulnerabilities

Date 14 Sep 2009
Posted By LinuxSecurity Advisories
Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications, such as the Iceweasel web browser. The Common Vulnerabilities and Exposures project identifies the following problems:

------------------------------------------------------------------------
Debian Security Advisory DSA-1885-1                    Moritz Muehlenhoff
September 14, 2009
------------------------------------------------------------------------

Package        : xulrunner
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE Id(s)      : CVE-2009-3070 CVE-2009-3071 CVE-2009-3072 CVE-2009-3074 CVE-2009-3075 CVE-2009-3076 CVE-2009-3077 CVE-2009-3078

Several remote vulnerabilities have been discovered in Xulrunner, a
runtime environment for XUL applications, such as the Iceweasel web
browser. The Common Vulnerabilities and Exposures project identifies
the following problems:


    Jesse Ruderman discovered crashes in the layout engine, which
    might allow the execution of arbitrary code.


    Daniel Holbert, Jesse Ruderman, Olli Pettay and "toshi" discovered
    crashes in the layout engine, which might allow the execution of
    arbitrary code.


    Josh Soref, Jesse Ruderman and Martin Wargers discovered crashes
    in the layout engine, which might allow the execution of arbitrary


    Jesse Ruderman discovered a crash in the Javascript engine, which
    might allow the execution of arbitrary code.


    Carsten Book and "Taral" discovered crashes in the layout engine,
    which might allow the execution of arbitrary code.


    Jesse Ruderman discovered that the user interface for installing/
    removing PKCS #11 security modules wasn't informative enough, which
    might allow social engineering attacks.


    It was discovered that incorrect pointer handling in the XUL parser
    could lead to the execution of arbitrary code.


    Juan Pablo Lopez Yacubian discovered that incorrect rendering of
    some Unicode font characters could lead to spoofing attacks on
    the location bar.

For the stable distribution (lenny), these problems have been fixed
in version

As indicated in the Etch release notes, security support for the
Mozilla products in the oldstable distribution needed to be stopped
before the end of the regular Etch security maintenance life cycle.
You are strongly encouraged to upgrade to stable or switch to a still
supported browser.

For the unstable distribution (sid), these problems have been fixed in

For the experimental distribution, these problems have been fixed in

We recommend that you upgrade your xulrunner package.

Upgrade instructions
--------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 5.0 alias lenny
--------------------------------

Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.

  These files will probably be moved into the stable distribution on
  its next update.

---------------------------------------------------------------------------------
For apt-get: deb stable/updates main
For dpkg-ftp: dists/stable/updates/main
Package info: `apt-cache show ' and
