| Description: | Summary:
The remote host is missing an update for the Debian 'xulrunner' package(s) announced via the DSA-2027-1 advisory.
Vulnerability Insight:
Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications, such as the Iceweasel web browser. The Common Vulnerabilities and Exposures project identifies the following problems:
CVE-2010-0174
Jesse Ruderman and Ehsan Akhgari discovered crashes in the layout engine, which might allow the execution of arbitrary code.
CVE-2010-0175
It was discovered that incorrect memory handling in the XUL event handler might allow the execution of arbitrary code.
CVE-2010-0176
It was discovered that incorrect memory handling in the XUL event handler might allow the execution of arbitrary code.
CVE-2010-0177
It was discovered that incorrect memory handling in the plugin code might allow the execution of arbitrary code.
CVE-2010-0178
Paul Stone discovered that forced drag-and-drop events could lead to Chrome privilege escalation.
CVE-2010-0179
It was discovered that a programming error in the XMLHttpRequestSpy module could lead to the execution of arbitrary code.
For the stable distribution (lenny), these problems have been fixed in version 1.9.0.19-1.
For the unstable distribution (sid), these problems will be fixed soon.
We recommend that you upgrade your xulrunner packages.
Affected Software/OS:
'xulrunner' package(s) on Debian 5.
Solution:
Please install the updated package(s).
CVSS Score:
10.0
CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C
|
