Debian Security Advisory DSA 2106-1 (xulrunner)

The remote host is missing an update to xulrunner announced via advisory DSA 2106-1.

Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications. The Common Vulnerabilities and Exposures project identifies the following problems: - - Implementation errors in XUL processing allow the execution of arbitrary code (CVE-2010-2760, CVE-2010-3167, CVE-2010-3168) - - An implementation error in the XPCSafeJSObjectWrapper wrapper allows the bypass of the same origin policy (CVE-2010-2763) - - An integer overflow in frame handling allows the execution of arbitrary code (CVE-2010-2765) - - An implementation error in DOM handling allows the execution of arbitrary code (CVE-2010-2766) - - Incorrect pointer handling in the plugin code allow the execution of arbitrary code (CVE-2010-2767) - - Incorrect handling of an object tag may lead to the bypass of cross site scripting filters (CVE-2010-2768) - - Incorrect copy and paste handling could lead to cross site scripting (CVE-2010-2769) - - Crashes in the layout engine may lead to the execution of arbitrary code (CVE-2010-3169) For the stable distribution (lenny), these problems have been fixed in version 1.9.0.19-4. For the unstable distribution (sid), these problems have been fixed in version 3.5.12-1 of the iceweasel source package (which now builds the xulrunner library binary packages). For the experimental distribution, these problems have been fixed in version 3.6.9-1 of the iceweasel source package (which now builds the xulrunner library binary packages). We recommend that you upgrade your xulrunner packages.

https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202106-1