Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 441
Alerts This Week
Warning Icon 1 441

Debian Lenny: DSA-2106-1 Moderate: Xulrunner Remote Threats

debian
Calendar Grey September 8, 2010
Debian Logo
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ----------------------------------------------------
Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications

Summary

Several remote vulnerabilities have been discovered in Xulrunner, a
runtime environment for XUL applications. The Common Vulnerabilities
and Exposures project identifies the following problems:

- - Implementation errors in XUL processing allow the execution of
arbitrary code (CVE-2010-2760, CVE-2010-3167, CVE-2010-3168)

- - An implementation error in the XPCSafeJSObjectWrapper wrapper allows
the bypass of the same origin policy (CVE-2010-2763)

- - An integer overflow in frame handling allows the execution of
arbitrary code (CVE-2010-2765)

- - An implementation error in DOM handling allows the execution of
arbitrary code (CVE-2010-2766)

- - Incorrect pointer handling in the plugin code allow the execution of
arbitrary code (CVE-2010-2767)

- - Incorrect handling of an object tag may lead to the bypass of cross
site scripting filters (CVE-2010-2768)

- - Incorrect copy and paste handling could lead to cross site scripting
(CVE-2010-2769)

- - Crashes in the layout engine may lead to the exe...

Read the Full Advisory

Package: xulrunner

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.