Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
centosCentOS ProjectCESA-2012:1361
HistoryOct 12, 2012 - 9:47 p.m.

xulrunner security update

2012-10-1221:47:30
CentOS Project
lists.centos.org
61

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.023 Low

EPSS

Percentile

89.5%

JSON

CentOS Errata and Security Advisory CESA-2012:1361

XULRunner provides the XUL Runtime environment for applications using the
Gecko layout engine.

A flaw was found in the way XULRunner handled security wrappers. A web page
containing malicious content could possibly cause an application linked
against XULRunner (such as Mozilla Firefox) to execute arbitrary code with
the privileges of the user running the application. (CVE-2012-4193)

For technical details regarding this flaw, refer to the Mozilla security
advisories. You can find a link to the Mozilla advisories in the References
section of this erratum.

Red Hat would like to thank the Mozilla project for reporting this issue.
Upstream acknowledges moz_bug_r_a4 as the original reporter.

All XULRunner users should upgrade to these updated packages, which correct
this issue. After installing the update, applications using XULRunner must
be restarted for the changes to take effect.

Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2012-October/081098.html
https://lists.centos.org/pipermail/centos-announce/2012-October/081102.html

Affected packages:
xulrunner
xulrunner-devel

Upstream details at:
https://access.redhat.com/errata/RHSA-2012:1361

OSVersionArchitecturePackageVersionFilename
CentOS5i386xulrunner< 10.0.8-2.el5_8xulrunner-10.0.8-2.el5_8.i386.rpm
CentOS5i386xulrunner-devel< 10.0.8-2.el5_8xulrunner-devel-10.0.8-2.el5_8.i386.rpm
CentOS5i386xulrunner< 10.0.8-2.el5_8xulrunner-10.0.8-2.el5_8.i386.rpm
CentOS5x86_64xulrunner< 10.0.8-2.el5_8xulrunner-10.0.8-2.el5_8.x86_64.rpm
CentOS5i386xulrunner-devel< 10.0.8-2.el5_8xulrunner-devel-10.0.8-2.el5_8.i386.rpm
CentOS5x86_64xulrunner-devel< 10.0.8-2.el5_8xulrunner-devel-10.0.8-2.el5_8.x86_64.rpm
CentOS6i686xulrunner< 10.0.8-2.el6.centosxulrunner-10.0.8-2.el6.centos.i686.rpm
CentOS6i686xulrunner-devel< 10.0.8-2.el6.centosxulrunner-devel-10.0.8-2.el6.centos.i686.rpm
CentOS6i686xulrunner< 10.0.8-2.el6.centosxulrunner-10.0.8-2.el6.centos.i686.rpm
CentOS6x86_64xulrunner< 10.0.8-2.el6.centosxulrunner-10.0.8-2.el6.centos.x86_64.rpm
Rows per page:
1-10 of 121

Related

redhat 2
cve 2
nessus 29
openvas 44
centos 1
oraclelinux 2
veracode 1
ubuntucve 2
prion 2
mozilla 1
suse 3
ubuntu 1
freebsd 1
securityvulns 1
ibm 2
gentoo 1
redhat
redhat
(RHSA-2012:1361) Critical: xulrunner security update
2012-10-12 00:00:00
(RHSA-2012:1362) Critical: thunderbird security update
2012-10-12 00:00:00
cve
cve
CVE-2012-4193
2012-10-12 10:44:00
CVE-2012-4192
2012-10-12 10:44:00
nessus
nessus
CentOS 5 / 6 : thunderbird (CESA-2012:1362)
2012-10-15 00:00:00
Oracle Linux 5 / 6 : xulrunner (ELSA-2012-1361)
2013-07-12 00:00:00
Oracle Linux 6 : thunderbird (ELSA-2012-1362)
2013-07-12 00:00:00
openvas
openvas
RedHat Update for xulrunner RHSA-2012:1361-01
2012-10-16 00:00:00
CentOS Update for xulrunner CESA-2012:1361 centos5
2012-10-16 00:00:00
RedHat Update for thunderbird RHSA-2012:1362-01
2012-10-16 00:00:00
centos
centos
thunderbird security update
2012-10-13 02:05:00
oraclelinux
oraclelinux
xulrunner security update
2012-10-12 00:00:00
thunderbird security update
2012-10-12 00:00:00
veracode
veracode
Same Origin Policy Bypass
2019-01-15 08:58:46
ubuntucve
ubuntucve
CVE-2012-4193
2012-10-11 00:00:00
CVE-2012-4192
2012-10-10 00:00:00
prion
prion
Design/Logic Flaw
2012-10-12 10:44:00
Design/Logic Flaw
2012-10-12 10:44:00
mozilla
mozilla
defaultValue security checks not applied — Mozilla
2012-10-11 00:00:00
suse
suse
MozillaFirefox: update to Firefox 16.0.1 (important)
2012-10-15 15:08:30
Security update for Mozilla Firefox (important)
2012-10-16 22:08:48
Firefox update to 31.1esr (important)
2014-09-09 18:04:16
ubuntu
ubuntu
Thunderbird vulnerabilities
2012-10-12 00:00:00
freebsd
freebsd
mozilla -- multiple vulnerabilities
2012-10-09 00:00:00
securityvulns
securityvulns
Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities
2012-10-29 00:00:00
ibm
ibm
Security Bulletin: Storwize V7000 Unified V1.4.1.0 Includes Fixes for Multiple Vendor Security Vulnerabilities
2022-09-26 04:23:14
Security Bulletin: SONAS Update Includes Fixes for Multiple Vendor Security Vulnerabilities
2022-09-26 04:23:14
gentoo
gentoo
Mozilla Products: Multiple vulnerabilities
2013-01-08 00:00:00

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.023 Low

EPSS

Percentile

89.5%

JSON
Related for CESA-2012:1361
redhat2cve2nessus29openvas44centos1oraclelinux2veracode1ubuntucve2prion2mozilla1suse3ubuntu1freebsd1securityvulns1ibm2gentoo1