Debian Security Advisory DSA 2027-1 (xulrunner)

Information

Severity

Severity

Critical

Family

Family

Debian Local Security Checks

CVSSv2 Base

CVSSv2 Base

10.0

CVSSv2 Vector

CVSSv2 Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Solution Type

Solution Type

Vendor Patch

Created

Created

12 years ago

Modified

Modified

4 years ago

Summary

The remote host is missing an update to xulrunner announced via advisory DSA 2027-1.

Insight

Insight

Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications, such as the Iceweasel web browser. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2010-0174 Jesse Ruderman and Ehsan Akhgari discovered crashes in the layout engine, which might allow the execution of arbitrary code. CVE-2010-0175 It was discovered that incorrect memory handling in the XUL event handler might allow the execution of arbitrary code. CVE-2010-0176 It was discovered that incorrect memory handling in the XUL event handler might allow the execution of arbitrary code. CVE-2010-0177 It was discovered that incorrect memory handling in the plugin code might allow the execution of arbitrary code. CVE-2010-0178 Paul Stone discovered that forced drag-and-drop events could lead to Chrome privilege escalation. CVE-2010-0179 It was discovered that a programming error in the XMLHttpRequestSpy module could lead to the execution of arbitrary code. For the stable distribution (lenny), these problems have been fixed in version 1.9.0.19-1. For the unstable distribution (sid), these problems will be fixed soon. We recommend that you upgrade your xulrunner packages.

Solution

Solution

https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202027-1

Download Mageni to scan and fix this vulnerability. It is free and easy.

Processing. Please wait...

Free for 7-days then $4 USD monthly regardless of how many IPs, scans, users, or deployments you have. No Contracts, Cancel at Anytime and 7-days Money-Back Guarantee.