Description:
Summary: The remote host is missing an update for the Debian 'xulrunner' package(s) announced via the DSA-2106-1 advisory.
Vulnerability Insight: Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications. The Common Vulnerabilities and Exposures project identifies the following problems:
CVE-2010-2760, CVE-2010-3167, CVE-2010-3168
Implementation errors in XUL processing allow the execution of arbitrary code.
CVE-2010-2763
An implementation error in the XPCSafeJSObjectWrapper wrapper allows the bypass of the same origin policy.
CVE-2010-2765
An integer overflow in frame handling allows the execution of arbitrary code.
CVE-2010-2766
An implementation error in DOM handling allows the execution of arbitrary code.
CVE-2010-2767
Incorrect pointer handling in the plugin code allows the execution of arbitrary code.
CVE-2010-2768
Incorrect handling of an object tag may lead to the bypass of cross site scripting filters.
CVE-2010-2769
Incorrect copy and paste handling could lead to cross site scripting.
CVE-2010-3169
Crashes in the layout engine may lead to the execution of arbitrary code.
For the stable distribution (lenny), these problems have been fixed in version 1.9.0.19-4.
For the unstable distribution (sid), these problems have been fixed in version 3.5.12-1 of the iceweasel source package (which now builds the xulrunner library binary packages).
For the experimental distribution, these problems have been fixed in version 3.6.9-1 of the iceweasel source package (which now builds the xulrunner library binary packages).
We recommend that you upgrade your xulrunner packages.
Affected Software/OS: 'xulrunner' package(s) on Debian 5.
Solution: Please install the updated package(s).
CVSS Score: 9.3
CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C