Several remote vulnerabilities have been discovered in Xulrunner, a
runtime environment for XUL applications, such as the Iceweasel web
browser. The Common Vulnerabilities and Exposures project identifies
the following problems:

CVE-2009-3380
    Vladimir Vukicevic, Jesse Ruderman, Martijn Wargers, Daniel
    Banchero, David Keeler and Boris Zbarsky reported crashes in
    the layout engine, which might allow the execution of arbitrary
    code.

CVE-2009-3382
    Carsten Book reported a crash in the layout engine, which might
    allow the execution of arbitrary code.

CVE-2009-3376
    Jesse Ruderman and Sid Stamm discovered a spoofing vulnerability
    in the file download dialog.

CVE-2009-3375
    Gregory Fleischer discovered a bypass of the same-origin policy
    using the document.getSelection() function.

CVE-2009-3374
    "moz_bug_r_a4" discovered a privilege escalation to Chrome status
    in the XPCOM utility XPCVariant::VariantDataToJS.

CVE-2009-3373
    "regenrecht" discovered a buffer overflow in the GI...