Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 547
Alerts This Week
Warning Icon 1 547

Debian: DSA-2027-1 Moderate: Xulrunner Remote Code Execution

debian
Calendar Grey April 3, 2010
Scroller Debian
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ----------------------------------------------------
Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications, such as the Iceweasel web browser

Summary

Several remote vulnerabilities have been discovered in Xulrunner, a
runtime environment for XUL applications, such as the Iceweasel web
browser. The Common Vulnerabilities and Exposures project identifies
the following problems:

CVE-2010-0174

Jesse Ruderman and Ehsan Akhgari discovered crashes in the layout
engine, which might allow the execution of arbitrary code.

CVE-2010-0175

It was discovered that incorrect memory handling in the XUL event
handler might allow the execution of arbitrary code.

CVE-2010-0176

It was discovered that incorrect memory handling in the XUL event
handler might allow the execution of arbitrary code.

CVE-2010-0177

It was discovered that incorrect memory handling in the plugin code
might allow the execution of arbitrary code.

CVE-2010-0178

Paul Stone discovered that forced drag-and-drop events could lead to
Chrome privilege escalation.

CVE-2010-0179

It was discovered that a programming error in the XMLHttpRequestSpy
module could ...

Read the Full Advisory

Severity
important
Lowest
Low
Medium
High
Critical

Package: xulrunner

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.