"moz_bug_r_a4" discovered that a regression in the handling of
"about:blank" windows used by addons may lead to an attacker being
able to modify the content of web sites.
CVE-2007-3845
Jesper Johansson discovered that missing sanitising of double-quotes
and spaces in URIs passed to external programs may allow an attacker
to pass arbitrary arguments to the helper program if the user is
tricked into opening a malformed web page.
The oldstable distribution (sarge) doesn't include xulrunner.
For the stable distribution (etch) these problems have been fixed in version
1.8.0.13~pre070720-0etch3.
For the unstable distribution (sid) these problems have been fixed in version
1.8.1.6-1.
We recommend that you upgrade your xulrunner packages.
Upgrade Instructions
- --------------------wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources....
Get the latest Linux and open source security news straight to your inbox.