
Debian DSA-2106-2 Critical: Xulrunner Remote Crash Exploit Fix

September 19, 2010
DSA-2106-1 introduced a regression that could lead to an application crash

Summary

Several remote vulnerabilities have been discovered in Xulrunner, a
runtime environment for XUL applications. The Common Vulnerabilities
and Exposures project identifies the following problems:

- Implementation errors in XUL processing allow the execution of
arbitrary code (CVE-2010-2760, CVE-2010-3167, CVE-2010-3168)

- An implementation error in the XPCSafeJSObjectWrapper wrapper allows
the bypass of the same origin policy (CVE-2010-2763)

- An integer overflow in frame handling allows the execution of
arbitrary code (CVE-2010-2765)

- An implementation error in DOM handling allows the execution of
arbitrary code (CVE-2010-2766)

- Incorrect pointer handling in the plugin code allows the execution of
arbitrary code (CVE-2010-2767)

- Incorrect handling of an object tag may lead to the bypass of cross
site scripting filters (CVE-2010-2768)

- Incorrect copy and paste handling could lead to cross site scripting
(CVE-2010-2769)

- Crashes in the layout engine may lead to the exe...


Severity
critical
