Test ID: 1.3.6.1.4.1.25623.1.0.64870
Category: Debian Local Security Checks
Title: Debian: Security Advisory (DSA-1885-1)
Summary: The remote host is missing an update for the Debian 'xulrunner' package(s) announced via the DSA-1885-1 advisory.

Description:

Vulnerability Insight:
Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications, such as the Iceweasel web browser. The Common Vulnerabilities and Exposures project identifies the following problems:

CVE-2009-3070

Jesse Ruderman discovered crashes in the layout engine, which might allow the execution of arbitrary code.

CVE-2009-3071

Daniel Holbert, Jesse Ruderman, Olli Pettay and 'toshi' discovered crashes in the layout engine, which might allow the execution of arbitrary code.

CVE-2009-3072

Josh Soref, Jesse Ruderman and Martin Wargers discovered crashes in the layout engine, which might allow the execution of arbitrary code.

CVE-2009-3074

Jesse Ruderman discovered a crash in the JavaScript engine, which might allow the execution of arbitrary code.

CVE-2009-3075

Carsten Book and 'Taral' discovered crashes in the layout engine, which might allow the execution of arbitrary code.

CVE-2009-3076

Jesse Ruderman discovered that the user interface for installing/removing PKCS #11 security modules wasn't informative enough, which might allow social engineering attacks.

CVE-2009-3077

It was discovered that incorrect pointer handling in the XUL parser could lead to the execution of arbitrary code.

CVE-2009-3078

Juan Pablo Lopez Yacubian discovered that incorrect rendering of some Unicode font characters could lead to spoofing attacks on the location bar.

For the stable distribution (lenny), these problems have been fixed in version 1.9.0.14-0lenny1.

As indicated in the Etch release notes, security support for the Mozilla products in the oldstable distribution needed to be stopped before the end of the regular Etch security maintenance life cycle. You are strongly encouraged to upgrade to stable or switch to a still supported browser.

For the unstable distribution (sid), these problems have been fixed in version 1.9.0.14-1.

For the experimental distribution, these problems have been fixed in version 1.9.1.3-1.

We recommend that you upgrade your xulrunner package.

Affected Software/OS:
'xulrunner' package(s) on Debian 5.

Solution:
Please install the updated package(s).

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2009-3070
36343
http://www.securityfocus.com/bid/36343
36670
http://secunia.com/advisories/36670
36671
http://secunia.com/advisories/36671
36692
http://secunia.com/advisories/36692
37098
http://secunia.com/advisories/37098
DSA-1885
http://www.debian.org/security/2009/dsa-1885
RHSA-2009:1430
http://www.redhat.com/support/errata/RHSA-2009-1430.html
SUSE-SA:2009:048
http://www.novell.com/linux/security/advisories/2009_48_firefox.html
http://www.mozilla.org/security/announce/2009/mfsa2009-47.html
https://bugzilla.mozilla.org/show_bug.cgi?id=430569
https://bugzilla.mozilla.org/show_bug.cgi?id=437565
https://bugzilla.mozilla.org/show_bug.cgi?id=465651
oval:org.mitre.oval:def:11702
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11702
oval:org.mitre.oval:def:6073
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6073
Common Vulnerability Exposure (CVE) ID: CVE-2009-3071
https://bugzilla.mozilla.org/show_bug.cgi?id=490196
https://bugzilla.mozilla.org/show_bug.cgi?id=493649
https://bugzilla.mozilla.org/show_bug.cgi?id=495444
https://bugzilla.mozilla.org/show_bug.cgi?id=502017
oval:org.mitre.oval:def:10698
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10698
oval:org.mitre.oval:def:5905
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5905
Common Vulnerability Exposure (CVE) ID: CVE-2009-3072
36669
http://secunia.com/advisories/36669
38977
http://secunia.com/advisories/38977
39001
http://secunia.com/advisories/39001
ADV-2010-0648
http://www.vupen.com/english/advisories/2010/0648
ADV-2010-0650
http://www.vupen.com/english/advisories/2010/0650
RHSA-2009:1431
http://www.redhat.com/support/errata/RHSA-2009-1431.html
RHSA-2009:1432
http://www.redhat.com/support/errata/RHSA-2009-1432.html
RHSA-2010:0153
http://www.redhat.com/support/errata/RHSA-2010-0153.html
RHSA-2010:0154
http://www.redhat.com/support/errata/RHSA-2010-0154.html
SUSE-SR:2010:013
http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html
USN-915-1
http://www.ubuntu.com/usn/USN-915-1
http://www.mozilla.org/security/announce/2010/mfsa2010-07.html
https://bugzilla.mozilla.org/show_bug.cgi?id=494283
https://bugzilla.mozilla.org/show_bug.cgi?id=501900
https://bugzilla.mozilla.org/show_bug.cgi?id=508074
oval:org.mitre.oval:def:10349
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10349
oval:org.mitre.oval:def:6315
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6315
Common Vulnerability Exposure (CVE) ID: CVE-2009-3074
firefox-javascript-code-exec(53157)
https://exchange.xforce.ibmcloud.com/vulnerabilities/53157
https://bugzilla.mozilla.org/show_bug.cgi?id=467493
oval:org.mitre.oval:def:6053
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6053
oval:org.mitre.oval:def:9444
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9444
Common Vulnerability Exposure (CVE) ID: CVE-2009-3075
https://bugzilla.mozilla.org/show_bug.cgi?id=441714
https://bugzilla.mozilla.org/show_bug.cgi?id=505305
mozilla-javascript-engine-code-exec(53158)
https://exchange.xforce.ibmcloud.com/vulnerabilities/53158
oval:org.mitre.oval:def:11365
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11365
oval:org.mitre.oval:def:5717
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5717
Common Vulnerability Exposure (CVE) ID: CVE-2009-3076
1022877
http://www.securitytracker.com/id?1022877
http://www.mozilla.org/security/announce/2009/mfsa2009-48.html
https://bugzilla.mozilla.org/show_bug.cgi?id=326628
https://bugzilla.mozilla.org/show_bug.cgi?id=509413
oval:org.mitre.oval:def:6140
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6140
oval:org.mitre.oval:def:9306
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9306
Common Vulnerability Exposure (CVE) ID: CVE-2009-3077
http://www.mozilla.org/security/announce/2009/mfsa2009-49.html
https://bugzilla.mozilla.org/show_bug.cgi?id=506871
oval:org.mitre.oval:def:10730
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10730
oval:org.mitre.oval:def:5606
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5606
Common Vulnerability Exposure (CVE) ID: CVE-2009-3078
1022875
http://www.securitytracker.com/id?1022875
http://www.mozilla.org/security/announce/2009/mfsa2009-50.html
https://bugzilla.mozilla.org/show_bug.cgi?id=453827
oval:org.mitre.oval:def:10871
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10871
oval:org.mitre.oval:def:5418
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5418
Copyright: Copyright (C) 2009 Greenbone AG