Linux Security

Debian: DSA-2075-1: New xulrunner packages fix several vulnerabilities

Date 27 Jul 2010
Posted By LinuxSecurity Advisories

------------------------------------------------------------------------
Debian Security Advisory DSA-2075-1                  Moritz Muehlenhoff
July 27, 2010
------------------------------------------------------------------------

Package        : xulrunner
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE Id(s)      : CVE-2010-0182 CVE-2010-0654 CVE-2010-1205 CVE-2010-1208 CVE-2010-1211 CVE-2010-1214 CVE-2010-2751 CVE-2010-2753 CVE-2010-2754

Several remote vulnerabilities have been discovered in Xulrunner, a
runtime environment for XUL applications. The Common Vulnerabilities
and Exposures project identifies the following problems:


CVE-2010-0182

    Wladimir Palant discovered that security checks in XML processing
    were insufficiently enforced.

CVE-2010-0654

    Chris Evans discovered that insecure CSS handling could lead to
    reading data across domain boundaries.

CVE-2010-1205

    Aki Helin discovered a buffer overflow in the internal copy of
    libpng, which could lead to the execution of arbitrary code.

CVE-2010-1208

    "regenrecht" discovered that incorrect memory handling in DOM
    parsing could lead to the execution of arbitrary code.

CVE-2010-1211

    Jesse Ruderman, Ehsan Akhgari, Mats Palmgren, Igor Bukanov, Gary
    Kwong, Tobias Markus and Daniel Holbert discovered crashes in the
    layout engine, which might allow the execution of arbitrary code.

CVE-2010-1214

    "JS3" discovered an integer overflow in the plugin code, which
    could lead to the execution of arbitrary code.

CVE-2010-2751

    Jordi Chancel discovered that the location could be spoofed to
    appear like a secured page.

CVE-2010-2753

    "regenrecht" discovered that incorrect memory handling in XUL
    parsing could lead to the execution of arbitrary code.

CVE-2010-2754

    Soroush Dalili discovered an information leak in script processing.

For the stable distribution (lenny), these problems have been fixed in

For the unstable distribution (sid), these problems have been fixed in

For the experimental distribution, these problems have been fixed in

We recommend that you upgrade your xulrunner packages.

Upgrade instructions
--------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.
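
An added example, not part of the original advisory: Debian advisories of this period publish a size and MD5 checksum for every file, and the function below checks a manually fetched file against one such "Size/MD5 checksum" line before it is passed to `dpkg -i`. The name `verify_download` and its return codes are assumptions made for this example; MD5 here only catches truncated or corrupted downloads, whereas the apt-get route authenticates packages through the archive's signed Release file.

```shell
#!/bin/sh
# Added example (not from the advisory): check a downloaded file against one
# "Size/MD5 checksum: <bytes> <md5>" line before handing it to dpkg -i.
# verify_download is a hypothetical helper name.
# Return codes: 0 match, 1 file missing, 2 malformed line,
#               3 size mismatch, 4 checksum mismatch.
verify_download() {
    file=$1
    line=$2

    [ -f "$file" ] || return 1

    # Split the advisory line into its two values; reject anything else.
    set -- $(printf '%s\n' "$line" |
        sed -n 's/^[[:space:]]*Size\/MD5 checksum:[[:space:]]*\([0-9][0-9]*\)[[:space:]][[:space:]]*\([0-9A-Fa-f]\{32\}\)[[:space:]]*$/\1 \2/p')
    [ $# -eq 2 ] || return 2
    want_size=$1
    want_md5=$(printf '%s' "$2" | tr 'A-F' 'a-f')

    # Size is the cheap check: a truncated download fails here.
    have_size=$(wc -c < "$file" | tr -d '[:space:]')
    [ "$have_size" = "$want_size" ] || return 3

    # Only hash the file once the size agrees.
    have_md5=$(md5sum "$file" | cut -d' ' -f1)
    [ "$have_md5" = "$want_md5" ] || return 4
    return 0
}

# Usage (file name and values are placeholders):
#   verify_download file.deb "Size/MD5 checksum: <bytes> <md5>" && dpkg -i file.deb
```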

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 5.0 alias lenny
--------------------------------

Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.

  These files will probably be moved into the stable distribution on
  its next update.

---------------------------------------------------------------------------------
For apt-get: deb stable/updates main
For dpkg-ftp: dists/stable/updates/main
Package info: `apt-cache show ' and
