Alerts This Week
Warning Icon 1 1,154
Alerts This Week
Warning Icon 1 1,154

Debian Stable Upgrade: DSA-1484-1 Moderate Threats in Xulrunner

debian
Calendar Grey February 10, 2008
Debian Logo
Patch issued for several remote security flaws identified in Debian’s xulrunner framework. Immediate update advised.
Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications

Summary


Jesse Ruderman, Kai Engert, Martijn Wargers, Mats Palmgren and Paul
Nickerson discovered crashes in the layout engine, which might allow
the execution of arbitrary code.

CVE-2008-0413

Carsten Book, Wesley Garland, Igor Bukanov, "moz_bug_r_a4", "shutdown",
Philip Taylor and "tgirmann" discovered crashes in the Javascript
engine, which might allow the execution of arbitrary code.

CVE-2008-0414

"hong" and Gregory Fleisher discovered that file input focus
vulnerabilities in the file upload control could allow information
disclosure of local files.

CVE-2008-0415

"moz_bug_r_a4" and Boris Zbarsky discovered discovered several
vulnerabilities in Javascript handling, which could allow
privilege escalation.

CVE-2008-0417

Justin Dolske discovered that the password storage machanism could
be abused by malicious web sites to corrupt existing saved passwords.

CVE-2008-0418

Gerry Eisenhaur and "moz_bug_r_a4" discovered that a d...

Read the Full Advisory

Severity
important
Lowest
Low
Medium
High
Critical

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here