Debian Security Advisory DSA 1345-1 (xulrunner)

The remote host is missing an update to xulrunner announced via advisory DSA 1345-1.

Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2007-3844 moz_bug_r_a4 discovered that a regression in the handling of about:blank windows used by addons may lead to an attacker being able to modify the content of web sites. CVE-2007-3845 Jesper Johansson discovered that missing sanitising of double-quotes and spaces in URIs passed to external programs may allow an attacker to pass arbitrary arguments to the helper program if the user is tricked into opening a malformed web page. The oldstable distribution (sarge) doesn't include xulrunner. For the stable distribution (etch) these problems have been fixed in version 1.8.0.13~pre070720-0etch3. For the unstable distribution (sid) these problems have been fixed in version 1.8.1.6-1. We recommend that you upgrade your xulrunner packages.

https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201345-1