Debian 4.0 DSA-1615-1 Critical: Xulrunner Security Advisory

debian
July 23, 2008
Debian addresses remote threats in Xulrunner. Upgrade your package to ensure your system's security and reliability.
Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications.

Summary


It was discovered that missing boundary checks on a reference
counter for CSS objects can lead to the execution of arbitrary code.

CVE-2008-2798

Devon Hubbard, Jesse Ruderman and Martijn Wargers discovered
crashes in the layout engine, which might allow the execution of
arbitrary code.

CVE-2008-2799

Igor Bukanov, Jesse Ruderman and Gary Kwong discovered crashes in
the JavaScript engine, which might allow the execution of arbitrary code.

CVE-2008-2800

"moz_bug_r_a4" discovered several cross-site scripting vulnerabilities.

CVE-2008-2801

Collin Jackson and Adam Barth discovered that JavaScript code
could be executed in the context of signed JAR archives.

CVE-2008-2802

"moz_bug_r_a4" discovered that XUL documents can escalate
privileges by accessing the pre-compiled "fastload" file.

CVE-2008-2803

"moz_bug_r_a4" discovered that missing input sanitising in the
mozIJSSubScriptLoader.loadSubScript() function could lead t...

Severity
critical
