Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.64870
Category:Debian Local Security Checks
Title:Debian Security Advisory DSA 1885-1 (xulrunner)
Summary:NOSUMMARY
Description:Description:
The remote host is missing an update to xulrunner
announced via advisory DSA 1885-1.

Several remote vulnerabilities have been discovered in Xulrunner, a
runtime environment for XUL applications, such as the Iceweasel web
browser. The Common Vulnerabilities and Exposures project identifies
the following problems:

CVE-2009-3070

Jesse Ruderman discovered crashes in the layout engine, which
might allow the execution of arbitrary code.

CVE-2009-3071

Daniel Holbert, Jesse Ruderman, Olli Pettay and toshi discovered
crashes in the layout engine, which might allow the execution of
arbitrary code.

CVE-2009-3072

Josh Soref, Jesse Ruderman and Martin Wargers discovered crashes
in the layout engine, which might allow the execution of arbitrary
code.

CVE-2009-3074

Jesse Ruderman discovered a crash in the Javascript engine, which
might allow the execution of arbitrary code.

CVE-2009-3075

Carsten Book and Taral discovered crashes in the layout engine,
which might allow the execution of arbitrary code.

CVE-2009-3076

Jesse Ruderman discovered that the user interface for installing/
removing PCKS #11 securiy modules wasn't informative enough, which
might allow social engineering attacks.

CVE-2009-3077

It was discovered that incorrect pointer handling in the XUL parser
could lead to the execution of arbitrary code.

CVE-2009-3078

Juan Pablo Lopez Yacubian discovered that incorrent rendering of
some Unicode font characters could lead to spoofing attacks on
the location bar.

For the stable distribution (lenny), these problems have been fixed
in version 1.9.0.14-0lenny1.

As indicated in the Etch release notes, security support for the
Mozilla products in the oldstable distribution needed to be stopped
before the end of the regular Etch security maintenance life cycle.
You are strongly encouraged to upgrade to stable or switch to a still
supported browser.

For the unstable distribution (sid), these problems have been fixed in
version 1.9.0.14-1.

For the experimental distribution, these problems have been fixed in
version 1.9.1.3-1.

We recommend that you upgrade your xulrunner package.

Solution:
http://www.securityspace.com/smysecure/catid.html?in=DSA%201885-1

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2009-3070
BugTraq ID: 36343
http://www.securityfocus.com/bid/36343
Debian Security Information: DSA-1885 (Google Search)
http://www.debian.org/security/2009/dsa-1885
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11702
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6073
http://www.redhat.com/support/errata/RHSA-2009-1430.html
http://secunia.com/advisories/36670
http://secunia.com/advisories/36671
http://secunia.com/advisories/36692
http://secunia.com/advisories/37098
SuSE Security Announcement: SUSE-SA:2009:048 (Google Search)
http://www.novell.com/linux/security/advisories/2009_48_firefox.html
Common Vulnerability Exposure (CVE) ID: CVE-2009-3071
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10698
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5905
Common Vulnerability Exposure (CVE) ID: CVE-2009-3072
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10349
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6315
http://www.redhat.com/support/errata/RHSA-2009-1431.html
http://www.redhat.com/support/errata/RHSA-2009-1432.html
http://www.redhat.com/support/errata/RHSA-2010-0153.html
http://www.redhat.com/support/errata/RHSA-2010-0154.html
http://secunia.com/advisories/36669
http://secunia.com/advisories/38977
http://secunia.com/advisories/39001
SuSE Security Announcement: SUSE-SR:2010:013 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html
http://www.ubuntu.com/usn/USN-915-1
http://www.vupen.com/english/advisories/2010/0648
http://www.vupen.com/english/advisories/2010/0650
Common Vulnerability Exposure (CVE) ID: CVE-2009-3074
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6053
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9444
XForce ISS Database: firefox-javascript-code-exec(53157)
https://exchange.xforce.ibmcloud.com/vulnerabilities/53157
Common Vulnerability Exposure (CVE) ID: CVE-2009-3075
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11365
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5717
XForce ISS Database: mozilla-javascript-engine-code-exec(53158)
https://exchange.xforce.ibmcloud.com/vulnerabilities/53158
Common Vulnerability Exposure (CVE) ID: CVE-2009-3076
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6140
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9306
http://www.securitytracker.com/id?1022877
Common Vulnerability Exposure (CVE) ID: CVE-2009-3077
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10730
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5606
Common Vulnerability Exposure (CVE) ID: CVE-2009-3078
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10871
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5418
http://www.securitytracker.com/id?1022875
CopyrightCopyright (c) 2009 E-Soft Inc. http://www.securityspace.com

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2022 E-Soft Inc. All rights reserved.