Debian Local Security Checks : Debian: Security Advisory (DSA-1306-1)

Vulnerability Search		Search 324607 CVE descriptions and 145615 test descriptions, access 10,000+ cross references.
	Tests CVE All

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.
To run a free test of this vulnerability against your system, register below.

Test ID:	1.3.6.1.4.1.25623.1.0.58353
Category:	Debian Local Security Checks
Title:	Debian: Security Advisory (DSA-1306-1)
Summary:	The remote host is missing an update for the Debian 'xulrunner' package(s) announced via the DSA-1306-1 advisory.
Description:	Summary: The remote host is missing an update for the Debian 'xulrunner' package(s) announced via the DSA-1306-1 advisory. Vulnerability Insight: Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2007-1362 Nicolas Derouet discovered that Xulrunner performs insufficient validation of cookies, which could lead to denial of service. CVE-2007-2867 Boris Zbarsky, Eli Friedman, Georgi Guninski, Jesse Ruderman, Martijn Wargers and Olli Pettay discovered crashes in the layout engine, which might allow the execution of arbitrary code. CVE-2007-2868 Brendan Eich, Igor Bukanov, Jesse Ruderman, moz_bug_r_a4 and Wladimir Palant discovered crashes in the Javascript engine, which might allow the execution of arbitrary code. CVE-2007-2869 Marcel discovered that malicious web sites can cause massive resource consumption through the auto completion feature, resulting in denial of service. CVE-2007-2870 moz_bug_r_a4 discovered that adding an event listener through the addEventListener() function allows cross-site scripting. CVE-2007-2871 Chris Thomas discovered that XUL popups can be abused for spoofing or phishing attacks. The oldstable distribution (sarge) doesn't include xulrunner. For the stable distribution (etch) these problems have been fixed in version 1.8.0.12-0etch1. The unstable distribution (sid) will be fixed soon. We recommend that you upgrade your xulrunner packages. Affected Software/OS: 'xulrunner' package(s) on Debian 4. Solution: Please install the updated package(s). CVSS Score: 9.3 CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2007-1116 Bugtraq: 20070223 Firefox Cache Hack - Firefox History Hack redux (Google Search) http://www.securityfocus.com/archive/1/461006/100/0/threaded Bugtraq: 20070223 Re: [Full-disclosure] Firefox Cache Hack - Firefox History Hack redux (Google Search) http://www.securityfocus.com/archive/1/461013/100/0/threaded http://www.gnucitizen.org/projects/hscan-redux/ http://osvdb.org/33804 http://securityreason.com/securityalert/2309 Common Vulnerability Exposure (CVE) ID: CVE-2007-1362 BugTraq ID: 22879 http://www.securityfocus.com/bid/22879 BugTraq ID: 24242 http://www.securityfocus.com/bid/24242 Bugtraq: 20070531 FLEA-2007-0023-1: firefox (Google Search) http://www.securityfocus.com/archive/1/470172/100/200/threaded Cert/CC Advisory: TA07-151A http://www.us-cert.gov/cas/techalerts/TA07-151A.html Debian Security Information: DSA-1300 (Google Search) http://www.debian.org/security/2007/dsa-1300 Debian Security Information: DSA-1306 (Google Search) http://www.debian.org/security/2007/dsa-1306 Debian Security Information: DSA-1308 (Google Search) http://www.debian.org/security/2007/dsa-1308 http://security.gentoo.org/glsa/glsa-200706-06.xml HPdes Security Advisory: HPSBUX02153 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742 HPdes Security Advisory: SSRT061181 http://www.mandriva.com/security/advisories?name=MDKSA-2007:120 http://www.mandriva.com/security/advisories?name=MDKSA-2007:126 http://www.osvdb.org/35139 http://osvdb.org/35140 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10759 http://www.redhat.com/support/errata/RHSA-2007-0400.html http://www.redhat.com/support/errata/RHSA-2007-0401.html http://www.redhat.com/support/errata/RHSA-2007-0402.html http://www.securitytracker.com/id?1018162 http://www.securitytracker.com/id?1018163 http://secunia.com/advisories/25476 http://secunia.com/advisories/25490 http://secunia.com/advisories/25533 http://secunia.com/advisories/25534 http://secunia.com/advisories/25559 http://secunia.com/advisories/25635 http://secunia.com/advisories/25647 http://secunia.com/advisories/25685 http://secunia.com/advisories/25750 http://secunia.com/advisories/25858 http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.571857 SuSE Security Announcement: SUSE-SA:2007:036 (Google Search) http://www.novell.com/linux/security/advisories/2007_36_mozilla.html http://www.ubuntu.com/usn/usn-468-1 http://www.vupen.com/english/advisories/2007/1994 XForce ISS Database: mozilla-doccookie-dos(34613) https://exchange.xforce.ibmcloud.com/vulnerabilities/34613 Common Vulnerability Exposure (CVE) ID: CVE-2007-2867 Bugtraq: 20070620 FLEA-2007-0027-1: thunderbird (Google Search) http://www.securityfocus.com/archive/1/471842/100/0/threaded CERT/CC vulnerability note: VU#751636 http://www.kb.cert.org/vuls/id/751636 Debian Security Information: DSA-1305 (Google Search) http://www.debian.org/security/2007/dsa-1305 http://fedoranews.org/cms/node/2747 http://fedoranews.org/cms/node/2749 HPdes Security Advisory: HPSBUX02156 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00774579 HPdes Security Advisory: SSRT061236 http://www.mandriva.com/security/advisories?name=MDKSA-2007:119 http://www.mandriva.com/security/advisories?name=MDKSA-2007:131 http://osvdb.org/35134 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10066 http://www.securitytracker.com/id?1018151 http://www.securitytracker.com/id?1018153 http://secunia.com/advisories/24406 http://secunia.com/advisories/24456 http://secunia.com/advisories/25469 http://secunia.com/advisories/25488 http://secunia.com/advisories/25489 http://secunia.com/advisories/25491 http://secunia.com/advisories/25492 http://secunia.com/advisories/25496 http://secunia.com/advisories/25644 http://secunia.com/advisories/25664 http://secunia.com/advisories/27423 http://secunia.com/advisories/28363 http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.363947 http://sunsolve.sun.com/search/document.do?assetkey=1-26-103136-1 http://sunsolve.sun.com/search/document.do?assetkey=1-66-201532-1 http://www.ubuntu.com/usn/usn-469-1 http://www.vupen.com/english/advisories/2007/3664 http://www.vupen.com/english/advisories/2008/0082 XForce ISS Database: mozilla-layoutengine-dos(34604) https://exchange.xforce.ibmcloud.com/vulnerabilities/34604 Common Vulnerability Exposure (CVE) ID: CVE-2007-2868 1018151 1018152 http://www.securitytracker.com/id?1018152 1018153 103125 http://sunsolve.sun.com/search/document.do?assetkey=1-26-103125-1 20070531 FLEA-2007-0023-1: firefox 20070620 FLEA-2007-0027-1: thunderbird 201505 http://sunsolve.sun.com/search/document.do?assetkey=1-66-201505-1 24242 24406 24456 25469 25476 25488 25489 25490 25491 25492 25496 25533 25534 25559 25635 25644 25647 25664 25685 25750 25858 27427 http://secunia.com/advisories/27427 28363 35138 http://osvdb.org/35138 ADV-2007-1994 ADV-2007-3632 http://www.vupen.com/english/advisories/2007/3632 ADV-2008-0082 DSA-1300 DSA-1305 DSA-1306 DSA-1308 FEDORA-2007-308 FEDORA-2007-309 GLSA-200706-06 HPSBUX02153 HPSBUX02156 MDKSA-2007:119 MDKSA-2007:120 MDKSA-2007:131 RHSA-2007:0400 RHSA-2007:0401 RHSA-2007:0402 SSA:2007-066-04 SSA:2007-152-02 SSRT061181 SSRT061236 SUSE-SA:2007:036 TA07-151A USN-468-1 USN-469-1 VU#609956 http://www.kb.cert.org/vuls/id/609956 http://www.mozilla.org/security/announce/2007/mfsa2007-12.html https://issues.rpath.com/browse/RPL-1424 mozilla-javascripteng-code-execution(34605) https://exchange.xforce.ibmcloud.com/vulnerabilities/34605 oval:org.mitre.oval:def:10711 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10711 Common Vulnerability Exposure (CVE) ID: CVE-2007-2869 http://osvdb.org/35135 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11208 http://www.securitytracker.com/id?1018154 XForce ISS Database: firefox-autocomplete-dos(34612) https://exchange.xforce.ibmcloud.com/vulnerabilities/34612 Common Vulnerability Exposure (CVE) ID: CVE-2007-2870 1018160 http://www.securitytracker.com/id?1018160 1018161 http://www.securitytracker.com/id?1018161 35136 http://osvdb.org/35136 MDKSA-2007:126 http://www.mozilla.org/security/announce/2007/mfsa2007-16.html mozilla-addeventlistener-xss(34614) https://exchange.xforce.ibmcloud.com/vulnerabilities/34614 oval:org.mitre.oval:def:9547 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9547 Common Vulnerability Exposure (CVE) ID: CVE-2007-2871 http://osvdb.org/35137 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11433 http://www.securitytracker.com/id?1018155 http://www.securitytracker.com/id?1018156 XForce ISS Database: mozilla-xulpopups-spoofing(34606) https://exchange.xforce.ibmcloud.com/vulnerabilities/34606
Copyright	Copyright (C) 2008 Greenbone AG