- ------------------------------------------------------------------------
Debian Security Advisory DSA-2106-2                  security@debian.org
http://www.debian.org/security/                           Stefan Fritsch
September 19, 2010                    http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package        : xulrunner
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE Id(s)      : CVE-2010-2760 CVE-2010-2763 CVE-2010-2765 CVE-2010-2766 CVE-2010-2767 CVE-2010-2768 CVE-2010-2769 CVE-2010-3167 CVE-2010-3168 CVE-2010-3169

DSA-2106-1 introduced a regression that could lead to an application
crash.  This update fixes this problem.  For reference, the text of
the original advisory is provided below.

Several remote vulnerabilities have been discovered in Xulrunner, a
runtime environment for XUL applications. The Common Vulnerabilities
and Exposures project identifies the following problems:

- - Implementation errors in XUL processing allow the execution of
  arbitrary code (CVE-2010-2760, CVE-2010-3167, CVE-2010-3168)

- - An implementation error in the XPCSafeJSObjectWrapper wrapper allows
  the bypass of the same origin policy (CVE-2010-2763)

- - An integer overflow in frame handling allows the execution of
  arbitrary code (CVE-2010-2765)

- - An implementation error in DOM handling allows the execution of
  arbitrary code (CVE-2010-2766)

- - Incorrect pointer handling in the plugin code allow the execution of
  arbitrary code (CVE-2010-2767)

- - Incorrect handling of an object tag may lead to the bypass of cross
  site scripting filters (CVE-2010-2768)

- - Incorrect copy and paste handling could lead to cross site scripting
  (CVE-2010-2769)

- - Crashes in the layout engine may lead to the execution of arbitrary
  code (CVE-2010-3169)


For the stable distribution (lenny), the problem has been fixed in 
version 1.9.0.19-5. The packages for the mips architecture are not
included in this update. They will be released as soon as they become
available.

We recommend that you upgrade your xulrunner packages.

Upgrade instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 5.0 alias lenny
- --------------------------------

Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mipsel, powerpc, s390 and sparc.

Source archives:

      Size/MD5 checksum: 44174623 83667df1e46399960593fdd8832e958e
      Size/MD5 checksum:     1755 ec1bbbbd68484fd56658004d35660079
      Size/MD5 checksum:   163246 2c2544dd4c410435fa0c80a337471b3f

Architecture independent packages:

      Size/MD5 checksum:  1482996 863ccb72f1a414ed13bd27405afba771

alpha architecture (DEC Alpha)

      Size/MD5 checksum:   164820 a3c3627598bfccbd464b12afc9fd1518
      Size/MD5 checksum: 51198504 3d8d5f458c570c8a269865747845b000
      Size/MD5 checksum:    72756 d7d444c19f110c887596e8c6c1a52aaf
      Size/MD5 checksum:   433826 32e8706fe2a306c1f9908a620246c83a
      Size/MD5 checksum:   223118 90e749bb96774053f296271a5b8eb0ba
      Size/MD5 checksum:  9506608 5026aba96d3ace32f1c178fc94316eee
      Size/MD5 checksum:  3656240 9b19520d0180d224d4df695d22c9df23
      Size/MD5 checksum:   939550 e33c90da76aba433f506bac4852f8590
      Size/MD5 checksum:   113604 6e3ab285138ff64e0a4899cb827c6f2f

amd64 architecture (AMD x86_64 (AMD64))

      Size/MD5 checksum: 50443192 60952c4d1272b7d54a4b35598d9da9d8
      Size/MD5 checksum:   102114 2630d71984e9c30fa2746f456a796cd2
      Size/MD5 checksum:    70732 48884179fb002f92523ce7bfd6798084
      Size/MD5 checksum:   223858 b6eb38fe9289d8833d543b82fe4bfb5a
      Size/MD5 checksum:   889010 4dd57cef68b3d1c79b5f59d454b9bef6
      Size/MD5 checksum:   375468 ecf7e48691e5c25d2bc0c595e6c36cfe
      Size/MD5 checksum:   151934 6ee561d1343bf016cd414f06a94f3e60
      Size/MD5 checksum:  7760866 3c73945a0610ccea86c76196a7c79f34
      Size/MD5 checksum:  3599590 64eb9e9b0251431bf01cd2e60a9785d0

arm architecture (ARM)

      Size/MD5 checksum:   141014 fb1255ccb4e5646300e8bba498660ad5
      Size/MD5 checksum:  3585712 ad72df20198c5cc79e337f8507c6c48a
      Size/MD5 checksum:  6805246 abd81f6ced5c7299fc8a05f2c3520ce1
      Size/MD5 checksum:   351212 60d0055ecad06c8c9d9f59d06e17e9bb
      Size/MD5 checksum:   222458 c7c114018b7e0268f14943426f60d94f
      Size/MD5 checksum:    68642 af773dca5a82c3aa0abf27e681d8a90d
      Size/MD5 checksum:   815538 d73b178e2767270be079bdc5e4cecfcc
      Size/MD5 checksum:    84322 29e52b125176656f5c9c8664a44be1ad
      Size/MD5 checksum: 49392796 1349ace1f4f196b056477933b85d6d16

armel architecture (ARM EABI)

      Size/MD5 checksum:   223806 d06a0dde42603edc4b089d0ce834b8e9
      Size/MD5 checksum:   823636 e997a585134758bec02c21f18618ea3a
      Size/MD5 checksum:    84804 9bbdb55e360c737904982ff43f97974c
      Size/MD5 checksum:   353696 74dedf4e35b293c7f5b22995ba3c5de4
      Size/MD5 checksum: 50230536 6851612699cfc0ec0a7877b5b630f167
      Size/MD5 checksum:   143112 3bdc142df48c7ec431231144bcb158c5
      Size/MD5 checksum:    70792 5984352da6eabbbf441b0b33bf9d2fe5
      Size/MD5 checksum:  6964468 b84c83530e8a6d3ca2624d90114963f0
      Size/MD5 checksum:  3574352 35effd484fe142a5ff6a68cd1e77734d

hppa architecture (HP PA RISC)

      Size/MD5 checksum:  3634146 ddeaa56c11874081d665a76fcd94a874
      Size/MD5 checksum:   158850 f616289ae7a428592b161d18e2d0e0c1
      Size/MD5 checksum:  9526792 0228e4b668c53522396fe7a879fe9344
      Size/MD5 checksum:   413666 e33c363476788bdd36a467167614f3ea
      Size/MD5 checksum:   107082 0b890dc85fbe833ffd677d93ed46a945
      Size/MD5 checksum:   223694 90eb5dc6be20d6b8b92479c2bd3664b2
      Size/MD5 checksum:   899588 99c6840d251b6af4674eb8a5b10cd8b9
      Size/MD5 checksum: 51324268 91f3a8d45df03a071b906f5df3f77e3e
      Size/MD5 checksum:    72370 d284cc5ccc8128047be7ca47abccb8c3

i386 architecture (Intel ia32)

      Size/MD5 checksum:   143310 9a7235f534fefb69f7b2be82acb46aa1
      Size/MD5 checksum:  6609704 5eb43fd05f98fb11d5b4d26924cd6198
      Size/MD5 checksum:   223422 15262b4fd94836bbe5a33ffcada84e65
      Size/MD5 checksum:   852190 24a8f292a796fd0dbf178c951b6c8797
      Size/MD5 checksum:    69116 964e42537f3de906a65ea049ae93fd97
      Size/MD5 checksum:    81330 583d92d9026ca84223c80df6ce0419a3
      Size/MD5 checksum:  3575548 7591d4af2fd13d969b484f751ca27baa
      Size/MD5 checksum:   352020 553e33e939ebcc65f320f1fa44459de8
      Size/MD5 checksum: 49616804 d4bd40f509bde790d9a1496d58f76aae

ia64 architecture (Intel ia64)

      Size/MD5 checksum: 49784610 819c0fb5c9e61445df68418861d18aeb
      Size/MD5 checksum:  3394160 9ed835ee648c8c39a66dbfca60787b74
      Size/MD5 checksum:   543660 f7729004b29834e49b3fecc5c4ba78a8
      Size/MD5 checksum: 11324396 30bf87d7d8ceccc28ec6d1b6e8d1763b
      Size/MD5 checksum:   179800 265a2fb2ca46bd076dfa714d9d27426e
      Size/MD5 checksum:   810292 d365624d16016c78f3048a2dffa62437
      Size/MD5 checksum:   120916 c04818031093fe58b5ae7bfd3a5f427c
      Size/MD5 checksum:   223416 6511f9967275910e0e7928d6946e3cfd
      Size/MD5 checksum:    76616 5292b0ac5fa70ad678c2da2c7a80ac75

mipsel architecture (MIPS (Little Endian))

      Size/MD5 checksum:   145414 4c77ca84405c99f3688e8bcbbdcbdc60
      Size/MD5 checksum:   379210 a7b57c21209f463e1f0295a56765350e
      Size/MD5 checksum:    97122 c249f8d3b4519f499439e038f8f2bb15
      Size/MD5 checksum:    70238 c6ad278886d71e66c774d7cd47d1d00c
      Size/MD5 checksum: 50083906 d079c502ff5ab7e2184cd9c3f1f582f1
      Size/MD5 checksum:  3311894 38b26f3d288dc85dd10a9e1b34bf0fb5
      Size/MD5 checksum:   223502 8d0ab93b30d1a6880d3773d70b474e4e
      Size/MD5 checksum:  7388242 dfbaa496f48603caac48a284b883ca57
      Size/MD5 checksum:   900806 68b13018bf5527dd532efceb785c07df

powerpc architecture (PowerPC)

      Size/MD5 checksum:    73748 c330f71b1a6e75a98b0f3fa5d0439192
      Size/MD5 checksum:  3594420 7c54a9da185e7e193abf1b0ceb37f0f1
      Size/MD5 checksum:   152940 883c7de6b6fba1916948385bfe030146
      Size/MD5 checksum: 51508410 bb327b6a0865f0883030382ee4e56050
      Size/MD5 checksum:   363872 00a741c6ce8275f12815e8c373961976
      Size/MD5 checksum:   888786 888f3870be50d529586460a648804a9f
      Size/MD5 checksum:   223532 2583d5146e6856576fc3355b395dfbc6
      Size/MD5 checksum:    94742 cee4a1f0b7e5cedf03d75acb92b4679f
      Size/MD5 checksum:  7309892 d0588dfa2fe63a6397d8033524b2870a

s390 architecture (IBM S/390)

      Size/MD5 checksum:   105788 b065b0c1ba3e0cd839774e790be58a20
      Size/MD5 checksum:  3609554 d80b0042f3e7cc4f65a11f53fe856d15
      Size/MD5 checksum:   155508 aa45cb4161e0c6573fcd6e1c1fc1c36d
      Size/MD5 checksum: 51294436 a9f0b8992072d1487574afe97962b951
      Size/MD5 checksum:   407614 ef15b5a9710bfb20c7cfbe1ca65fdf46
      Size/MD5 checksum:    73598 b57c45bee450ad88ec60b5e037dd9ca6
      Size/MD5 checksum:   223288 05e1142586111744ad914ef12150ae73
      Size/MD5 checksum:  8424762 87f042255337202e79e925d26571a980
      Size/MD5 checksum:   909526 4f70ff65f8d75061dea60cc60af869ce

sparc architecture (Sun SPARC/UltraSPARC)

      Size/MD5 checksum:   224296 0e82aa025c4c256c3ade6c0afc76face
      Size/MD5 checksum:   821936 f14a59155733ec84b9236855457e4981
      Size/MD5 checksum:  3573228 5961930615833a0a8d300c61e96260ed
      Size/MD5 checksum: 49457542 2a2806ce2b8d24bbcd78d8688444b906
      Size/MD5 checksum:    69666 c71d3e4f66f2031023545c2547499f96
      Size/MD5 checksum:   350670 13aa3e96c2a1a63b0419e418edc2c090
      Size/MD5 checksum:  7184996 1bc558d8098271a45d800620fb342cd3
      Size/MD5 checksum:    88594 7c06dc1c0e1aea265f8d134b3857c65f
      Size/MD5 checksum:   143876 9cc35582879150b02736b50f8478f4a9


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp:  dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show ' and http://packages.debian.org/