Linux Security

    Debian: DSA-2124-1: New Xulrunner packages fix several vulnerabilities

    Date 01 Nov 2010
    Posted By LinuxSecurity Advisories
    Several vulnerabilities have been discovered in Xulrunner, the component that provides the core functionality of Iceweasel, Debian's variant of Mozilla's browser technology.
    ------------------------------------------------------------------------
    Debian Security Advisory DSA-2124-1                       Florian Weimer
    November 01, 2010
    ------------------------------------------------------------------------
    Package        : xulrunner
    Vulnerability  : several
    Problem type   : local (remote)
    Debian-specific: no
    CVE Id(s)      : CVE-2010-3765 CVE-2010-3174 CVE-2010-3176 CVE-2010-3177 CVE-2010-3178 CVE-2010-3179 CVE-2010-3180 CVE-2010-3183
    Several vulnerabilities have been discovered in Xulrunner, the
    component that provides the core functionality of Iceweasel, Debian's
    variant of Mozilla's browser technology.
    The Common Vulnerabilities and Exposures project identifies the
    following problems:
    	Xulrunner allows remote attackers to execute arbitrary code
    	via vectors related to nsCSSFrameConstructor::ContentAppended,
    	the appendChild method, incorrect index tracking, and the
    	creation of multiple frames, which triggers memory corruption.

    	Multiple unspecified vulnerabilities in the browser engine in
    	Xulrunner allow remote attackers to cause a denial of service
    	(memory corruption and application crash) or possibly execute
    	arbitrary code via unknown vectors.

    	Multiple cross-site scripting (XSS) vulnerabilities in the
    	Gopher parser in Xulrunner allow remote attackers to inject
    	arbitrary web script or HTML via a crafted name of a (1) file
    	or (2) directory on a Gopher server.

    	Xulrunner does not properly handle certain modal calls made by
    	javascript: URLs in circumstances related to opening a new
    	window and performing cross-domain navigation, which allows
    	remote attackers to bypass the Same Origin Policy via a
    	crafted HTML document.

    	Stack-based buffer overflow in the text-rendering
    	functionality in Xulrunner allows remote attackers to execute
    	arbitrary code or cause a denial of service (memory corruption
    	and application crash) via a long argument to the
    	document.write method.

    	Use-after-free vulnerability in the nsBarProp function in
    	Xulrunner allows remote attackers to execute arbitrary code by
    	accessing the locationbar property of a closed window.

    	The LookupGetterOrSetter function in Xulrunner does not
    	properly support window.__lookupGetter__ function calls that
    	lack arguments, which allows remote attackers to execute
    	arbitrary code or cause a denial of service (incorrect pointer
    	dereference and application crash) via a crafted HTML

    In addition, this security update includes corrections for regressions
    caused by the fixes for CVE-2010-0654 and CVE-2010-2769 in DSA-2075-1
    and DSA-2106-1.
    For the stable distribution (lenny), these problems have been fixed in
    For the unstable distribution (sid) and the upcoming stable
    distribution (squeeze), these problems have been fixed in version
    3.5.15-1 of the iceweasel package.
    We recommend that you upgrade your Xulrunner packages.
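
Added example (not part of the advisory or of Debian's tooling): a Python check that lists hosts whose iceweasel package sorts below 3.5.15-1, the fixed version given above for sid and squeeze, using Debian's version-ordering rules. Plain string comparison would rank 3.5.9 above 3.5.15. The inventory lines and host names are constructed.

```python
import re

FIXED = "3.5.15-1"  # iceweasel version this advisory gives for sid/squeeze

def _order(c):
    # dpkg character weight: '~' < end-of-string/digit < letters < other symbols
    if c == "~":
        return -1
    if c == "" or c.isdigit():
        return 0
    return ord(c) if c.isalpha() else ord(c) + 256

def _cmp_part(a, b):
    # Compare an upstream or revision string as alternating text and number runs.
    while a or b:
        ta, tb = re.match(r"\D*", a).group(), re.match(r"\D*", b).group()
        a, b = a[len(ta):], b[len(tb):]
        for k in range(max(len(ta), len(tb))):
            d = _order(ta[k:k + 1]) - _order(tb[k:k + 1])
            if d:
                return d
        na, nb = re.match(r"\d*", a).group(), re.match(r"\d*", b).group()
        a, b = a[len(na):], b[len(nb):]
        d = int(na or 0) - int(nb or 0)
        if d:
            return d
    return 0

def _split(v):
    # [epoch:]upstream[-revision]; epoch ends at first ':', revision starts at last '-'
    epoch, rest = v.split(":", 1) if ":" in v else ("0", v)
    upstream, _, rev = rest.rpartition("-") if "-" in rest else (rest, "", "")
    return int(epoch), upstream, rev

def deb_cmp(a, b):
    # Negative, zero or positive, like dpkg's ordering of two version strings.
    (ea, ua, ra), (eb, ub, rb) = _split(a), _split(b)
    return (ea - eb) or _cmp_part(ua, ub) or _cmp_part(ra, rb)

# Constructed inventory lines: "<host> <package> <version>" (hypothetical hosts).
INVENTORY = ["web01 iceweasel 3.5.9-2", "web02 iceweasel 3.5.15-1",
             "dev07 iceweasel 3.5.15~rc1-1", "lab03 iceweasel 3.5.16-3"]

def hosts_to_upgrade(lines, fixed=FIXED):
    # Hosts whose iceweasel sorts strictly before the fixed version.
    rows = (line.split() for line in lines)
    return [h for h, pkg, ver in rows if pkg == "iceweasel" and deb_cmp(ver, fixed) < 0]

if __name__ == "__main__":
    print(hosts_to_upgrade(INVENTORY))
```

On a Debian host itself, `dpkg --compare-versions "$installed" lt 3.5.15-1` performs the same comparison.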
    Upgrade instructions
    --------------------
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    Debian GNU/Linux 5.0 alias lenny
    --------------------------------
      These files will probably be moved into the stable distribution on
      its next update.
    ---------------------------------------------------------------------------------
    For apt-get: deb stable/updates main
    For dpkg-ftp: dists/stable/updates/main
    Package info: `apt-cache show ' and

