Debian Security Advisory DSA 2027-1 (xulrunner)

The remote host is missing an update to xulrunner announced via advisory DSA 2027-1.

Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications, such as the Iceweasel web browser. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2010-0174 Jesse Ruderman and Ehsan Akhgari discovered crashes in the layout engine, which might allow the execution of arbitrary code. CVE-2010-0175 It was discovered that incorrect memory handling in the XUL event handler might allow the execution of arbitrary code. CVE-2010-0176 It was discovered that incorrect memory handling in the XUL event handler might allow the execution of arbitrary code. CVE-2010-0177 It was discovered that incorrect memory handling in the plugin code might allow the execution of arbitrary code. CVE-2010-0178 Paul Stone discovered that forced drag-and-drop events could lead to Chrome privilege escalation. CVE-2010-0179 It was discovered that a programming error in the XMLHttpRequestSpy module could lead to the execution of arbitrary code. For the stable distribution (lenny), these problems have been fixed in version 1.9.0.19-1. For the unstable distribution (sid), these problems will be fixed soon. We recommend that you upgrade your xulrunner packages.

https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202027-1