Free and open-source vulnerability scanner
Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.
Install NowAvailable for macOS, Windows, and Linux
Debian Security Advisory DSA 2106-1 (xulrunner)
Information
Severity
Severity
Family
Family
CVSSv2 Base
CVSSv2 Base
CVSSv2 Vector
CVSSv2 Vector
Solution Type
Solution Type
Created
Created
Modified
Modified
Summary
The remote host is missing an update to xulrunner announced via advisory DSA 2106-1.
Insight
Insight
Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications. The Common Vulnerabilities and Exposures project identifies the following problems: - - Implementation errors in XUL processing allow the execution of arbitrary code (CVE-2010-2760, CVE-2010-3167, CVE-2010-3168) - - An implementation error in the XPCSafeJSObjectWrapper wrapper allows the bypass of the same origin policy (CVE-2010-2763) - - An integer overflow in frame handling allows the execution of arbitrary code (CVE-2010-2765) - - An implementation error in DOM handling allows the execution of arbitrary code (CVE-2010-2766) - - Incorrect pointer handling in the plugin code allow the execution of arbitrary code (CVE-2010-2767) - - Incorrect handling of an object tag may lead to the bypass of cross site scripting filters (CVE-2010-2768) - - Incorrect copy and paste handling could lead to cross site scripting (CVE-2010-2769) - - Crashes in the layout engine may lead to the execution of arbitrary code (CVE-2010-3169) For the stable distribution (lenny), these problems have been fixed in version 1.9.0.19-4. For the unstable distribution (sid), these problems have been fixed in version 3.5.12-1 of the iceweasel source package (which now builds the xulrunner library binary packages). For the experimental distribution, these problems have been fixed in version 3.6.9-1 of the iceweasel source package (which now builds the xulrunner library binary packages). We recommend that you upgrade your xulrunner packages.
Solution
Solution
https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202106-1