Debian: DSA-1956-1 Moderate: Xulrunner Remote Flaws Addressed
debian
December 16, 2009
Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications, such as the Iceweasel web browser
Summary
Several remote vulnerabilities have been discovered in Xulrunner, a
runtime environment for XUL applications, such as the Iceweasel web
browser. The Common Vulnerabilities and Exposures project identifies
the following problems:
CVE-2009-3986:
David James discovered that the window.opener property allows Chrome
privilege escalation.
CVE-2009-3985:
Jordi Chanel discovered a spoofing vulnerability of the URL location bar
using the document.location property.
CVE-2009-3984:
Jonathan Morgan discovered that the icon indicating a secure connection
could be spoofed through the document.location property.
CVE-2009-3983:
Takehiro Takahashi discovered that the NTLM implementaion is vulnerable
to reflection attacks.
CVE-2009-3981:
Jesse Ruderman discovered a crash in the layout engine, which might allow
the execution of arbitrary code.
CVE-2009-3979:
Jesse Ruderman, Josh Soref, Martijn Wargers, Jose Angel and Olli Pettay
discovered crashes in the layout engine, which might allo...
PREVIOUS
NEXT
Package: xulrunner
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!