Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.66146
Category:Debian Local Security Checks
Title:Debian Security Advisory DSA 1922-1 (xulrunner)
Summary:NOSUMMARY
Description:Description:
The remote host is missing an update to xulrunner
announced via advisory DSA 1922-1.

Several remote vulnerabilities have been discovered in Xulrunner, a
runtime environment for XUL applications, such as the Iceweasel web
browser. The Common Vulnerabilities and Exposures project identifies
the following problems:

CVE-2009-3380

Vladimir Vukicevic, Jesse Ruderman, Martijn Wargers, Daniel
Banchero, David Keeler and Boris Zbarsky reported crashes in
layout engine, which might allow the execution of arbitrary code.

CVE-2009-3382

Carsten Book reported a crash in the layout engine, which might
allow the execution of arbitrary code.

CVE-2009-3376

Jesse Ruderman and Sid Stamm discovered spoofing vulnerability
in the file download dialog.

CVE-2009-3375

Gregory Fleischer discovered a bypass of the same-origin policy
using the document.getSelection() function.

CVE-2009-3374

moz_bug_r_a4 discovered a privilege escalation to Chrome status
in the XPCOM utility XPCVariant::VariantDataToJS.

CVE-2009-3373

regenrecht discovered a buffer overflow in the GIF parser, which
might lead to the execution of arbitrary code.

CVE-2009-3372

Marco C. discovered that a programming error in the proxy auto
configuration code might lead to denial of service or the
execution of arbitrary code.

CVE-2009-3274

Jeremy Brown discovered that the filename of a downloaded file
which is opened by the user is predictable, which might lead to
tricking the user into a malicious file if the attacker has local
access to the system.

CVE-2009-3370

Paul Stone discovered that history information from web forms
could be stolen.


For the stable distribution (lenny), these problems have been fixed
in version 1.9.0.15-0lenny1.

As indicated in the Etch release notes, security support for the
Mozilla products in the oldstable distribution needed to be stopped
before the end of the regular Etch security maintenance life cycle.
You are strongly encouraged to upgrade to stable or switch to a still
supported browser.

For the unstable distribution (sid), these problems have been fixed in
version 1.9.1.4-1.

We recommend that you upgrade your xulrunner packages.

Solution:
http://www.securityspace.com/smysecure/catid.html?in=DSA%201922-1

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2009-3274
http://www.mandriva.com/security/advisories?name=MDVSA-2009:294
http://jbrownsec.blogspot.com/2009/09/vamos-updates.html
http://securitytube.net/Zero-Day-Demos-(Firefox-Vulnerability-Discovered)-video.aspx
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9641
http://www.redhat.com/support/errata/RHSA-2010-0153.html
http://www.redhat.com/support/errata/RHSA-2010-0154.html
http://secunia.com/advisories/36649
http://sunsolve.sun.com/search/document.do?assetkey=1-26-272909-1
http://www.vupen.com/english/advisories/2009/3334
http://www.vupen.com/english/advisories/2010/0650
Common Vulnerability Exposure (CVE) ID: CVE-2009-3370
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10836
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6455
Common Vulnerability Exposure (CVE) ID: CVE-2009-3372
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10977
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6347
Common Vulnerability Exposure (CVE) ID: CVE-2009-3373
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10684
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6548
Common Vulnerability Exposure (CVE) ID: CVE-2009-3374
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6565
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9789
Common Vulnerability Exposure (CVE) ID: CVE-2009-3375
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10440
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5935
Common Vulnerability Exposure (CVE) ID: CVE-2009-3376
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11218
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6541
http://secunia.com/advisories/38977
SuSE Security Announcement: SUSE-SR:2010:013 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html
http://www.ubuntu.com/usn/USN-915-1
http://www.vupen.com/english/advisories/2010/0648
Common Vulnerability Exposure (CVE) ID: CVE-2009-3380
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6580
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9463
Common Vulnerability Exposure (CVE) ID: CVE-2009-3382
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11219
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5581
CopyrightCopyright (c) 2009 E-Soft Inc. http://www.securityspace.com

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2024 E-Soft Inc. All rights reserved.