Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 448
Alerts This Week
Warning Icon 1 448

Debian: DSA-1956-1 Moderate: Xulrunner Remote Flaws Addressed

debian
Calendar Grey December 16, 2009
Debian Logo
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ----------------------------------------------------
Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications, such as the Iceweasel web browser

Summary

Several remote vulnerabilities have been discovered in Xulrunner, a
runtime environment for XUL applications, such as the Iceweasel web
browser. The Common Vulnerabilities and Exposures project identifies
the following problems:

CVE-2009-3986:

David James discovered that the window.opener property allows Chrome
privilege escalation.

CVE-2009-3985:

Jordi Chanel discovered a spoofing vulnerability of the URL location bar
using the document.location property.

CVE-2009-3984:

Jonathan Morgan discovered that the icon indicating a secure connection
could be spoofed through the document.location property.

CVE-2009-3983:

Takehiro Takahashi discovered that the NTLM implementaion is vulnerable
to reflection attacks.

CVE-2009-3981:

Jesse Ruderman discovered a crash in the layout engine, which might allow
the execution of arbitrary code.

CVE-2009-3979:

Jesse Ruderman, Josh Soref, Martijn Wargers, Jose Angel and Olli Pettay
discovered crashes in the layout engine, which might allo...

Read the Full Advisory

Package: xulrunner

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.