Debian: DSA-2027-1 Moderate: Xulrunner Remote Code Execution
debian
April 3, 2010
Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications, such as the Iceweasel web browser
Summary
Several remote vulnerabilities have been discovered in Xulrunner, a
runtime environment for XUL applications, such as the Iceweasel web
browser. The Common Vulnerabilities and Exposures project identifies
the following problems:
CVE-2010-0174
Jesse Ruderman and Ehsan Akhgari discovered crashes in the layout
engine, which might allow the execution of arbitrary code.
CVE-2010-0175
It was discovered that incorrect memory handling in the XUL event
handler might allow the execution of arbitrary code.
CVE-2010-0176
It was discovered that incorrect memory handling in the XUL event
handler might allow the execution of arbitrary code.
CVE-2010-0177
It was discovered that incorrect memory handling in the plugin code
might allow the execution of arbitrary code.
CVE-2010-0178
Paul Stone discovered that forced drag-and-drop events could lead to
Chrome privilege escalation.
CVE-2010-0179
It was discovered that a programming error in the XMLHttpRequestSpy
module could ...
PREVIOUS
NEXT
Severity
important
Lowest
Low
Medium
High
Critical
Package: xulrunner
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!