Linux Security
    Linux Security
    Linux Security

    Debian: DSA-2106-1: New xulrunner packages fix several vulnerabilities

    Date 08 Sep 2010
    Posted By LinuxSecurity Advisories
    Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications. The Common Vulnerabilities and Exposures project identifies the following problems:
    Hash: SHA1
    - ------------------------------------------------------------------------
    Debian Security Advisory DSA-2106-1                  This email address is being protected from spambots. You need JavaScript enabled to view it.                       Moritz Muehlenhoff
    September 08, 2010          
    - ------------------------------------------------------------------------
    Package        : xulrunner
    Vulnerability  : several
    Problem type   : remote
    Debian-specific: no
    CVE Id(s)      : CVE-2010-2760 CVE-2010-2763 CVE-2010-2765 CVE-2010-2766 CVE-2010-2767 CVE-2010-2768 CVE-2010-2769 CVE-2010-3167 CVE-2010-3168 CVE-2010-3169
    Several remote vulnerabilities have been discovered in Xulrunner, a
    runtime environment for XUL applications. The Common Vulnerabilities
    and Exposures project identifies the following problems:
    - - Implementation errors in XUL processing allow the execution of
      arbitrary code (CVE-2010-2760, CVE-2010-3167, CVE-2010-3168)
    - - An implementation error in the XPCSafeJSObjectWrapper wrapper allows
      the bypass of the same origin policy (CVE-2010-2763)
    - - An integer overflow in frame handling allows the execution of
      arbitrary code (CVE-2010-2765)
    - - An implementation error in DOM handling allows the execution of
      arbitrary code (CVE-2010-2766)
    - - Incorrect pointer handling in the plugin code allow the execution of
      arbitrary code (CVE-2010-2767)
    - - Incorrect handling of an object tag may lead to the bypass of cross
      site scripting filters (CVE-2010-2768)
    - - Incorrect copy and paste handling could lead to cross site scripting
    - - Crashes in the layout engine may lead to the execution of arbitrary
      code (CVE-2010-3169)
    For the stable distribution (lenny), these problems have been fixed in 
    For the unstable distribution (sid), these problems have been fixed in
    version 3.5.12-1 of the iceweasel source package (which now builds the 
    xulrunner library binary packages).
    For the experimental distribution, these problems have been fixed in
    version 3.6.9-1 of the iceweasel source package (which now builds the 
    xulrunner library binary packages).
    We recommend that you upgrade your xulrunner packages.
    Upgrade instructions
    - --------------------
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    Debian GNU/Linux 5.0 alias lenny
    - --------------------------------
    Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
    Source archives:
        Size/MD5 checksum: 44174623 83667df1e46399960593fdd8832e958e
        Size/MD5 checksum:   163042 fef37900325a35cd19e6fadc7b4792ba
        Size/MD5 checksum:     1755 4a3fc8eba2063cc8f2dec2016aa6da77
    Architecture independent packages:
        Size/MD5 checksum:  1466308 50ff44ff08dec48d4b2d652163ae7ea9
    alpha architecture (DEC Alpha)
        Size/MD5 checksum:   223088 32227bedc240220da932e33d4abee362
        Size/MD5 checksum:  9506836 c75cf0d768abbbe316c017fbfbb4eec0
        Size/MD5 checksum:   939496 1d749f3b219ad21bcc4fbf22c1690a8b
        Size/MD5 checksum:   433784 fac95b65081eb740e059bd3a90588d7a
        Size/MD5 checksum:   164794 ae2bf12bb04caaf48b6a84fb52cfd763
        Size/MD5 checksum:  3656062 888ebb75dc6d5237f3416c637f91c5f2
        Size/MD5 checksum: 51196990 b0fee4e0bbdb80d69dc97e365e8ff43e
        Size/MD5 checksum:    72720 879d51d99d5fb64da182fa88c5d9f98c
        Size/MD5 checksum:   113584 6fb11bf561ed1dcabae7796cbb89598c
    amd64 architecture (AMD x86_64 (AMD64))
        Size/MD5 checksum:   223374 6cbdbbb59698f1ec9d12dcdccaca5d86
        Size/MD5 checksum: 50427988 bf8ac74b4d39dd0994a1c37511bd4c45
        Size/MD5 checksum:  3292136 dbac5ae619a1f623e86a12d653153aa4
        Size/MD5 checksum:   374794 71050edabc4c0e781cd96852946f8f12
        Size/MD5 checksum:   101890 14ee3f51274befd9684905c0eea52bbe
        Size/MD5 checksum:  7736376 f2e78eab4bcf0e2363cdeb94f04773b1
        Size/MD5 checksum:   152338 d1a367d3afac973bb58fa4031205dbeb
        Size/MD5 checksum:   891084 05fd7b1a7c4a9dc47a38451317aa488d
        Size/MD5 checksum:    70288 d6d988ee37acff17e95787171f9ddf77
    i386 architecture (Intel ia32)
        Size/MD5 checksum:    68510 af4187f4addc059838b52024fd435191
        Size/MD5 checksum:    82864 8aa9afb20752a8f61255be8752855702
        Size/MD5 checksum: 49601488 c6ce39264a1a12b1492c02f848fdee95
        Size/MD5 checksum:  3571770 ffedb609c359cbecc06ef68a280b2277
        Size/MD5 checksum:   351474 cbd564d6ca1cbb312fc03523c7c88621
        Size/MD5 checksum:   141214 3c6b35f4d2bf2017e55b4e37bf6c5c2e
        Size/MD5 checksum:   222280 ed01a03f1a4c202850521801169925ae
        Size/MD5 checksum:   852478 2d8fd42dc9db80787df1eea444e2721c
        Size/MD5 checksum:  6609706 77ced17bf3c65fcda31f2a2eb210e4e3
    ia64 architecture (Intel ia64)
        Size/MD5 checksum:   180544 5b9afd460f42c6207313893d45356e57
        Size/MD5 checksum:   542680 5d53abb5ce3c5a1a2ac6cb47bf06e7f0
        Size/MD5 checksum:    76854 c504085a15276af4dec0898023090815
        Size/MD5 checksum:   811746 35050579dfb783a57c9f801dd47cb77d
        Size/MD5 checksum:   223454 aee920a2592ad6a2ad5e201f9d36970c
        Size/MD5 checksum: 49784168 a8453682d6932ec7b8d5108f814898df
        Size/MD5 checksum:   121848 34041de673ea9b4aad4f9ed7db7c9623
        Size/MD5 checksum:  3401030 8de1452f6de11a6be66e7c3b40561d53
        Size/MD5 checksum: 11318018 3920554c5ee4358aa7b256ff7b169485
    mips architecture (MIPS (Big Endian))
        Size/MD5 checksum: 51951594 4555607e71857f2053912db9ec91bf48
        Size/MD5 checksum:   223174 8fde28c6b933f8b5f82efb856b972ec4
        Size/MD5 checksum:   381072 a978bdff0bd65a0f20e34102fb9af20a
        Size/MD5 checksum:    96992 cd7dcdb81bade0f8f5ec5e10f2675d29
        Size/MD5 checksum:  7680508 f6590391d407dc68c405c9d464010106
        Size/MD5 checksum:  3612302 ea53a5ece7fef3a699a52e117f691b41
        Size/MD5 checksum:   145620 82731970f4a31f6b2a088c42496311e1
        Size/MD5 checksum:   919462 4b9eabba75d4a70f681e5b9986f61615
        Size/MD5 checksum:    70474 8412c9ce5621f084913f62778cb587e7
    mipsel architecture (MIPS (Little Endian))
        Size/MD5 checksum:  3311772 a3d121bc2928f4ab948a411ddab6cb0e
        Size/MD5 checksum:   223464 de9217213aecfbed53af59b46f9806a3
        Size/MD5 checksum:    97096 ec07fe0010434909bff6ef3d4126ff9e
        Size/MD5 checksum:   900734 6b7caed7430888170545117167d6ae59
        Size/MD5 checksum:    70224 471a514dc9c60591e220f9b674e1ad50
        Size/MD5 checksum: 50083292 06be5a87a9ba46401fba448155724d4e
        Size/MD5 checksum:  7387952 2bf8d6a025f4996d99c4fbad1655024c
        Size/MD5 checksum:   145374 9db362428ff8af75ddfdc3f301906003
        Size/MD5 checksum:   379188 2d20115192f46f115618030fb2aea107
    powerpc architecture (PowerPC)
        Size/MD5 checksum:    73706 e4a146433743abf48e01b6be3608fb47
        Size/MD5 checksum:    94702 a1243857e644e20ca51b20266fbbf24e
        Size/MD5 checksum:   363848 dc4e8ddc4739f6c117bd505a334246e9
        Size/MD5 checksum:   152902 da40086b552b926909e4790c4ed2652e
        Size/MD5 checksum:   223502 7d647c800390c200b20eb2fb6c6796fe
        Size/MD5 checksum:   888818 00f93699976688018767f92127c92146
        Size/MD5 checksum:  7309922 d55db0fc573736750274978dc3fe3919
        Size/MD5 checksum:  3594314 2b90465786a3d5bd41985f02bebf3e92
        Size/MD5 checksum: 51511192 2c5ca2520c427369b77f410fb2428324
    s390 architecture (IBM S/390)
        Size/MD5 checksum:   223256 8b29a37034de2b6918587ae3d4cdbbea
        Size/MD5 checksum:   407590 1480834a695a03d01a594027417c43c8
        Size/MD5 checksum:   909590 05c3cf3fd63e0bb07c80078a919a7ab5
        Size/MD5 checksum:    73560 e03a2f2529faa1dd1d08fab11461a90c
        Size/MD5 checksum:   155494 536d0d61dfbc28627519c61c4c9e655a
        Size/MD5 checksum: 51290136 09cdceb2f94f0acd6b6e6c1c0226d247
        Size/MD5 checksum:  3609494 383710d8ce2fffb224b0be4b8758c202
        Size/MD5 checksum:  8425642 49bf86be9b3028f4bd759ff04a64b929
        Size/MD5 checksum:   105762 17b7441c2ba313b1168ea7074060e4fb
    sparc architecture (Sun SPARC/UltraSPARC)
        Size/MD5 checksum:   350660 024d0b9c15a66f4b68b2df03aa48d74f
        Size/MD5 checksum:   821924 4a376e82b02d887e16339716b094267f
        Size/MD5 checksum:  3572840 a34ee3db29b64acb294925c11ee4519a
        Size/MD5 checksum:  7184752 d261fa9654eb60e211815790119b755d
        Size/MD5 checksum: 49453574 edcf736213987e621a58bb28c06b0a81
        Size/MD5 checksum:   143848 a40609056043b8005ff085eae3cac102
        Size/MD5 checksum:    88568 e909584468eeb7e33f6fc5176b1d2a2c
        Size/MD5 checksum:    69646 f006bb1a7a54590072a23c30e53a2872
        Size/MD5 checksum:   224258 e841c8d1bc29c1fc650de716b247cd4e
      These files will probably be moved into the stable distribution on
      its next update.
    - ---------------------------------------------------------------------------------
    For apt-get: deb stable/updates main
    For dpkg-ftp: dists/stable/updates/main
    Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.
    Package info: `apt-cache show ' and

    LinuxSecurity Poll

    'Tis the season of giving! How have you given back to the open-source community?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    [{"id":"171","title":"I've contributed to the development of an open-source project.","votes":"12","type":"x","order":"1","pct":36.36,"resources":[]},{"id":"172","title":"I've reviewed open-source code for security bugs.","votes":"6","type":"x","order":"2","pct":18.18,"resources":[]},{"id":"173","title":"I've made a donation to an open-source project.","votes":"15","type":"x","order":"3","pct":45.45,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350

    Please vote first in order to view vote results.


    bottom 200

    Please enable / Bitte aktiviere JavaScript!
    Veuillez activer / Por favor activa el Javascript![ ? ]

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.