Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.64479
Category:Debian Local Security Checks
Title:Debian Security Advisory DSA 1840-1 (xulrunner)
Summary:NOSUMMARY
Description:Description:
The remote host is missing an update to xulrunner
announced via advisory DSA 1840-1.

Several remote vulnerabilities have been discovered in Xulrunner, a
runtime environment for XUL applications, such as the Iceweasel web
browser. The Common Vulnerabilities and Exposures project identifies the
following problems:

CVE-2009-2462

Martijn Wargers, Arno Renevier, Jesse Ruderman, Olli Pettay and Blake
Kaplan disocvered several issues in the browser engine that could
potentially lead to the execution of arbitrary code. (MFSA 2009-34)

CVE-2009-2463

monarch2020 reported an integer overflow in a base64 decoding function.
(MFSA 2009-34)

CVE-2009-2464

Christophe Charron reported a possibly exploitable crash occuring when
multiple RDF files were loaded in a XUL tree element. (MFSA 2009-34)

CVE-2009-2465

Yongqian Li reported that an unsafe memory condition could be created by
specially crafted document. (MFSA 2009-34)

CVE-2009-2466

Peter Van der Beken, Mike Shaver, Jesse Ruderman, and Carsten Book
discovered several issues in the JavaScript engine that could possibly
lead to the execution of arbitrary JavaScript. (MFSA 2009-34)

CVE-2009-2467

Attila Suszter discovered an issue related to a specially crafted Flash
object, which could be used to run arbitrary code. (MFSA 2009-35)

CVE-2009-2469

PenPal discovered that it is possible to execute arbitrary code via a
specially crafted SVG element. (MFSA 2009-37)

CVE-2009-2471

Blake Kaplan discovered a flaw in the JavaScript engine that might allow
an attacker to execute arbitrary JavaScript with chrome privileges.
(MFSA 2009-39)

CVE-2009-2472

moz_bug_r_a4 discovered an issue in the JavaScript engine that could be
used to perform cross-site scripting attacks. (MFSA 2009-40)


For the stable distribution (lenny), these problems have been fixed in
version 1.9.0.12-0lenny1.

As indicated in the Etch release notes, security support for the
Mozilla products in the oldstable distribution needed to be stopped
before the end of the regular Etch security maintenance life cycle.
You are strongly encouraged to upgrade to stable or switch to a still
supported browser.

For the testing distribution (squeeze), these problems will be fixed
soon.

For the unstable distribution (sid), these problems have been fixed in
version 1.9.0.12-1.


We recommend that you upgrade your xulrunner packages.

Solution:
http://www.securityspace.com/smysecure/catid.html?in=DSA%201840-1

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2009-2462
BugTraq ID: 35758
http://www.securityfocus.com/bid/35758
https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01032.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10906
RedHat Security Advisories: RHSA-2009:1162
http://rhn.redhat.com/errata/RHSA-2009-1162.html
RedHat Security Advisories: RHSA-2009:1163
http://rhn.redhat.com/errata/RHSA-2009-1163.html
http://www.redhat.com/support/errata/RHSA-2010-0153.html
http://www.redhat.com/support/errata/RHSA-2010-0154.html
http://secunia.com/advisories/35914
http://secunia.com/advisories/35943
http://secunia.com/advisories/35944
http://secunia.com/advisories/35947
http://secunia.com/advisories/36005
http://secunia.com/advisories/36145
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020800.1-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-265068-1
SuSE Security Announcement: SUSE-SA:2009:039 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00005.html
SuSE Security Announcement: SUSE-SA:2009:042 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2009-08/msg00002.html
http://www.vupen.com/english/advisories/2009/1972
http://www.vupen.com/english/advisories/2009/2152
http://www.vupen.com/english/advisories/2010/0650
Common Vulnerability Exposure (CVE) ID: CVE-2009-2463
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10369
http://secunia.com/advisories/38977
http://secunia.com/advisories/39001
SuSE Security Announcement: SUSE-SR:2010:013 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html
http://www.ubuntu.com/usn/USN-915-1
http://www.vupen.com/english/advisories/2010/0648
Common Vulnerability Exposure (CVE) ID: CVE-2009-2464
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9594
Common Vulnerability Exposure (CVE) ID: CVE-2009-2465
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10402
Common Vulnerability Exposure (CVE) ID: CVE-2009-2466
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9820
Common Vulnerability Exposure (CVE) ID: CVE-2009-2467
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10473
http://sunsolve.sun.com/search/document.do?assetkey=1-66-266148-1
Common Vulnerability Exposure (CVE) ID: CVE-2009-2469
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10030
Common Vulnerability Exposure (CVE) ID: CVE-2009-2471
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10572
Common Vulnerability Exposure (CVE) ID: CVE-2009-2472
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9497
CopyrightCopyright (c) 2009 E-Soft Inc. http://www.securityspace.com

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2022 E-Soft Inc. All rights reserved.