| Description: | Summary:
The remote host is missing an update for the Debian 'xulrunner' package(s) announced via the DSA-1999-1 advisory.
Vulnerability Insight:
Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications, such as the Iceweasel web browser. The Common Vulnerabilities and Exposures project identifies the following problems:
CVE-2009-1571
Alin Rad Pop discovered that incorrect memory handling in the HTML parser could lead to the execution of arbitrary code.
CVE-2009-3988
Hidetake Jo discovered that the same-origin policy can be bypassed through window.dialogArguments.
CVE-2010-0159
Henri Sivonen, Boris Zbarsky, Zack Weinberg, Bob Clary, Martijn Wargers and Paul Nickerson reported crashes in layout engine, which might allow the execution of arbitrary code.
CVE-2010-0160
Orlando Barrera II discovered that incorrect memory handling in the implementation of the web worker API could lead to the execution of arbitrary code.
CVE-2010-0162
Georgi Guninski discovered that the same origin policy can be bypassed through specially crafted SVG documents.
For the stable distribution (lenny), these problems have been fixed in version 1.9.0.18-1.
For the unstable distribution (sid), these problems have been fixed in version 1.9.1.8-1.
We recommend that you upgrade your xulrunner packages.
Affected Software/OS:
'xulrunner' package(s) on Debian 5.
Solution:
Please install the updated package(s).
CVSS Score:
10.0
CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C
|
