Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.63962
Category:Debian Local Security Checks
Title:Debian Security Advisory DSA 1797-1 (xulrunner)
Summary:NOSUMMARY
Description:Description:
The remote host is missing an update to xulrunner
announced via advisory DSA 1797-1.

Several remote vulnerabilities have been discovered in Xulrunner, a
runtime environment for XUL applications, such as the Iceweasel web
browser. The Common Vulnerabilities and Exposures project identifies
the following problems:

CVE-2009-0652

Moxie Marlinspike discovered that Unicode box drawing characters inside of
internationalised domain names could be used for phishing attacks.

CVE-2009-1302

Olli Pettay, Martijn Wargers, Mats Palmgren, Oleg Romashin, Jesse Ruderman
and Gary Kwong reported crashes in the in the layout engine, which might
allow the execution of arbitrary code.

CVE-2009-1303

Olli Pettay, Martijn Wargers, Mats Palmgren, Oleg Romashin, Jesse Ruderman
and Gary Kwong reported crashes in the in the layout engine, which might
allow the execution of arbitrary code.

CVE-2009-1304

Igor Bukanov and Bob Clary discovered crashes in the Javascript engine,
which might allow the execution of arbitrary code.

CVE-2009-1305

Igor Bukanov and Bob Clary discovered crashes in the Javascript engine,
which might allow the execution of arbitrary code.

CVE-2009-1306

Daniel Veditz discovered that the Content-Disposition: header is ignored
within the jar: URI scheme.

CVE-2009-1307

Gregory Fleischer discovered that the same-origin policy for Flash files
is inproperly enforced for files loaded through the view-source scheme,
which may result in bypass of cross-domain policy restrictions.

CVE-2009-1308

Cefn Hoile discovered that sites, which allow the embedding of third-party
stylesheets are vulnerable to cross-site scripting attacks through XBL
bindings.

CVE-2009-1309

moz_bug_r_a4 discovered bypasses of the same-origin policy in the
XMLHttpRequest Javascript API and the XPCNativeWrapper.

CVE-2009-1311

Paolo Amadini discovered that incorrect handling of POST data when
saving a web site with an embedded frame may lead to information disclosure.

CVE-2009-1312

It was discovered that Iceweasel allows Refresh: headers to redirect
to Javascript URIs, resulting in cross-site scripting.

For the stable distribution (lenny), these problems have been fixed
in version 1.9.0.9-0lenny2.

As indicated in the Etch release notes, security support for the
Mozilla products in the oldstable distribution needed to be stopped
before the end of the regular Etch security maintenance life cycle.
You are strongly encouraged to upgrade to stable or switch to a still
supported browser.

For the unstable distribution (sid), these problems have been fixed in
version 1.9.0.9-1.

We recommend that you upgrade your xulrunner packages.

Solution:
http://www.securityspace.com/smysecure/catid.html?in=DSA%201797-1

CVSS Score:
6.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2009-0652
BugTraq ID: 33837
http://www.securityfocus.com/bid/33837
Debian Security Information: DSA-1797 (Google Search)
http://www.debian.org/security/2009/dsa-1797
Debian Security Information: DSA-1830 (Google Search)
http://www.debian.org/security/2009/dsa-1830
https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00683.html
http://www.mandriva.com/security/advisories?name=MDVSA-2009:111
http://www.blackhat.com/html/bh-dc-09/bh-dc-09-speakers.html#Marlinspike
https://www.blackhat.com/presentations/bh-dc-09/Marlinspike/BlackHat-DC-09-Marlinspike-Defeating-SSL.pdf
http://lists.immunitysec.com/pipermail/dailydave/2009-February/005556.html
http://lists.immunitysec.com/pipermail/dailydave/2009-February/005563.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11396
http://www.redhat.com/support/errata/RHSA-2009-0436.html
RedHat Security Advisories: RHSA-2009:0437
http://rhn.redhat.com/errata/RHSA-2009-0437.html
http://secunia.com/advisories/34096
http://secunia.com/advisories/34843
http://secunia.com/advisories/34844
http://secunia.com/advisories/34894
http://secunia.com/advisories/35042
http://secunia.com/advisories/35065
SuSE Security Announcement: SUSE-SR:2009:010 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html
https://usn.ubuntu.com/764-1/
http://www.vupen.com/english/advisories/2009/1125
XForce ISS Database: mozilla-firefox-homoglyph-spoofing(48974)
https://exchange.xforce.ibmcloud.com/vulnerabilities/48974
Common Vulnerability Exposure (CVE) ID: CVE-2009-1302
BugTraq ID: 34656
http://www.securityfocus.com/bid/34656
http://www.mandriva.com/security/advisories?name=MDVSA-2009:141
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10106
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5527
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6070
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6170
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7030
http://www.securitytracker.com/id?1022090
http://secunia.com/advisories/34758
http://secunia.com/advisories/34780
http://secunia.com/advisories/35602
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.454275
http://sunsolve.sun.com/search/document.do?assetkey=1-66-264308-1
Common Vulnerability Exposure (CVE) ID: CVE-2009-1303
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5810
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5992
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6151
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6646
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9455
http://www.redhat.com/support/errata/RHSA-2009-1125.html
http://www.redhat.com/support/errata/RHSA-2009-1126.html
http://secunia.com/advisories/35536
http://www.ubuntu.com/usn/usn-782-1
Common Vulnerability Exposure (CVE) ID: CVE-2009-1304
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5319
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5480
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6015
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7516
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9535
Common Vulnerability Exposure (CVE) ID: CVE-2009-1305
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10110
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6090
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6232
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6248
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6921
Common Vulnerability Exposure (CVE) ID: CVE-2009-1306
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10150
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6021
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6194
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6312
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6710
http://www.securitytracker.com/id?1022095
Common Vulnerability Exposure (CVE) ID: CVE-2009-1307
https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00444.html
https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00504.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10972
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5933
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6154
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6266
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7008
http://www.securitytracker.com/id?1022093
http://secunia.com/advisories/35561
http://secunia.com/advisories/35882
http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.425408
Common Vulnerability Exposure (CVE) ID: CVE-2009-1308
http://www.theregister.co.uk/2009/03/08/ebay_scam_wizardy/
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10428
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6173
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6185
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6296
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7285
http://www.securitytracker.com/id?1022097
Common Vulnerability Exposure (CVE) ID: CVE-2009-1309
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5265
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5591
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6139
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6831
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9494
http://www.securitytracker.com/id?1022094
Common Vulnerability Exposure (CVE) ID: CVE-2009-1311
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10939
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6200
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6222
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7235
Common Vulnerability Exposure (CVE) ID: CVE-2009-1312
Bugtraq: 20090702 Cross-Site Scripting vulnerabilities in Mozilla, Internet Explorer, Opera and Chrome (Google Search)
http://www.securityfocus.com/archive/1/504718/100/0/threaded
Bugtraq: 20090703 Re: Cross-Site Scripting vulnerabilities in Mozilla, Internet Explorer, Opera and Chrome (Google Search)
http://www.securityfocus.com/archive/1/504723/100/0/threaded
http://ha.ckers.org/blog/20070309/firefox-header-redirection-javascript-execution/
http://websecurity.com.ua/3275/
http://websecurity.com.ua/3386/
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6064
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6131
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6731
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9818
http://www.securitytracker.com/id?1022096
CopyrightCopyright (c) 2009 E-Soft Inc. http://www.securityspace.com

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2022 E-Soft Inc. All rights reserved.