Ubuntu 1353-1: Xulrunner vulnerabilities

    Date: 08 Feb 2012
    Category: Ubuntu
    Posted By: LinuxSecurity Advisories
    Several security issues were fixed in Xulrunner.
    ==========================================================================
    Ubuntu Security Notice USN-1353-1
    February 08, 2012
    
    xulrunner-1.9.2 vulnerabilities
    ==========================================================================
    
    A security issue affects these releases of Ubuntu and its derivatives:
    
    - Ubuntu 10.10
    - Ubuntu 10.04 LTS
    
    Summary:
    
    Several security issues were fixed in Xulrunner.
    
    Software Description:
    - xulrunner-1.9.2: Mozilla Gecko runtime environment
    
    Details:
    
    Jesse Ruderman and Bob Clary discovered memory safety issues affecting the
    Gecko Browser engine. If the user were tricked into opening a specially
    crafted page, an attacker could exploit these to cause a denial of service
    via application crash, or potentially execute code with the privileges of
    the user invoking Xulrunner. (CVE-2012-0442)
    
    It was discovered that the Gecko Browser engine did not properly handle
    node removal in the DOM. If the user were tricked into opening a specially
    crafted page, an attacker could exploit this to cause a denial of service
    via application crash, or potentially execute code with the privileges of
    the user invoking Xulrunner. (CVE-2011-3659)
    
    It was discovered that memory corruption could occur during the decoding of
    Ogg Vorbis files. If the user were tricked into opening a specially crafted
    file, an attacker could exploit this to cause a denial of service via
    application crash, or potentially execute code with the privileges of the
    user invoking Xulrunner. (CVE-2012-0444)
    
    Nicolas Gregoire and Aki Helin discovered that when processing a malformed
    embedded XSLT stylesheet, Xulrunner can crash due to memory corruption. If
    the user were tricked into opening a specially crafted page, an attacker
    could exploit this to cause a denial of service via application crash, or
    potentially execute code with the privileges of the user invoking Xulrunner.
    (CVE-2012-0449)
    
    Gregory Fleischer discovered that requests using IPv6 hostname syntax
    through certain proxies might generate errors. An attacker might be able to
    use this to read sensitive data from the error messages. (CVE-2011-3670)
    
    Update instructions:
    
    The problem can be corrected by updating your system to the following
    package versions:
    
    Ubuntu 10.10:
      xulrunner-1.9.2                 1.9.2.26+build2+nobinonly-0ubuntu0.10.10.1
    
    Ubuntu 10.04 LTS:
      xulrunner-1.9.2                 1.9.2.26+build2+nobinonly-0ubuntu0.10.04.1
    
    After a standard system update you need to restart Yelp or any other
    application based on Xulrunner to make all the necessary changes.
    
    References:
      http://www.ubuntu.com/usn/usn-1353-1
      CVE-2011-3659, CVE-2011-3670, CVE-2012-0442, CVE-2012-0444,
      CVE-2012-0449
    
    Package Information:
      https://launchpad.net/ubuntu/+source/xulrunner-1.9.2/1.9.2.26+build2+nobinonly-0ubuntu0.10.10.1
      https://launchpad.net/ubuntu/+source/xulrunner-1.9.2/1.9.2.26+build2+nobinonly-0ubuntu0.10.04.1
    
    
    