Alerts This Week
Warning Icon 1 1,154
Alerts This Week
Warning Icon 1 1,154

Debian: DSA-1532-1 Moderate: Xulrunner Remote Flaws Exploited

debian
Calendar Grey March 27, 2008
Debian Logo
Enhance your xulrunner iterations to address external vulnerabilities and improve safety measures. Refer to notice DSA-1532-1 for comprehensive insights.
Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications

Summary


Peter Brodersen and Alexander Klink discovered that the
autoselection of SSL client certificates could lead to users
being tracked, resulting in a loss of privacy.

CVE-2008-1233

"moz_bug_r_a4" discovered that variants of CVE-2007-3738 and
CVE-2007-5338 allow the execution of arbitrary code through
XPCNativeWrapper.

CVE-2008-1234

"moz_bug_r_a4" discovered that insecure handling of event
handlers could lead to cross-site scripting.

CVE-2008-1235

Boris Zbarsky, Johnny Stenback, and "moz_bug_r_a4" discovered
that incorrect principal handling could lead to cross-site
scripting and the execution of arbitrary code.

CVE-2008-1236

Tom Ferris, Seth Spitzer, Martin Wargers, John Daggett and Mats
Palmgren discovered crashes in the layout engine, which might
allow the execution of arbitrary code.

CVE-2008-1237

"georgi", "tgirmann" and Igor Bukanov discovered crashes in the
Javascript engine, which might allow the execut...

Read the Full Advisory

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here