Lucene search

K
debianDebianDEBIAN:CE1AE710DAA76FBA86258A0E6EADAF3A:B480D
HistoryJul 01, 2010 - 11:48 a.m.

[Backports-security-announce] Security Update for xulrunner

2010-07-0111:48:42
lists.debian.org
36

CVSS2

10

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

EPSS

0.889

Percentile

98.8%

Alexander Reichle-Schmehl uploaded new packages for <packagename> which fixed the
following security problems:

CVE-2008-5913

The Math.random function in the JavaScript implementation in Mozilla
Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, and SeaMonkey before
2.0.5, uses a random number generator that is seeded only once per
browser session, which makes it easier for remote attackers to track a
user, or trick a user into acting upon a spoofed pop-up message, by
calculating the seed value, related to a "temporary footprint" and an
"in-session phishing attack."

CVE-2010-0183

Use-after-free vulnerability in the nsCycleCollector::MarkRoots function
in Mozilla Firefox 3.5.x before 3.5.10 and SeaMonkey before 2.0.5 allows
remote attackers to execute arbitrary code via a crafted HTML document,
related to an improper frame construction process for menus.

CVE-2010-0173

Multiple unspecified vulnerabilities in the browser engine in Mozilla
Firefox before 3.5.9 and 3.6.x before 3.6.2, Thunderbird before 3.0.4,
and SeaMonkey before 2.0.4 allow remote attackers to cause a denial of
service (memory corruption and application crash) or possibly execute
arbitrary code via unknown vectors.

CVE-2010-0174

Multiple unspecified vulnerabilities in the browser engine in Mozilla
Firefox before 3.0.19, 3.5.x before 3.5.9, and 3.6.x before 3.6.2;
Thunderbird before 3.0.4; and SeaMonkey before 2.0.4 allow remote
attackers to cause a denial of service (memory corruption and
application crash) or possibly execute arbitrary code via unknown
vectors.

CVE-2010-0175

Use-after-free vulnerability in the nsTreeSelection implementation in
Mozilla Firefox before 3.0.19 and 3.5.x before 3.5.9, Thunderbird before
3.0.4, and SeaMonkey before 2.0.4 allows remote attackers to execute
arbitrary code or cause a denial of service (application crash) via
unspecified vectors that trigger a call to the handler for the select
event for XUL tree items.

CVE-2010-0176

Mozilla Firefox before 3.0.19, 3.5.x before 3.5.9, and 3.6.x before
3.6.2; Thunderbird before 3.0.4; and SeaMonkey before 2.0.4 do not
properly manage reference counts for option elements in a XUL tree
optgroup, which might allow remote attackers to execute arbitrary code
via unspecified vectors that trigger access to deleted elements, related
to a "dangling pointer vulnerability."

CVE-2010-0177

Mozilla Firefox before 3.0.19, 3.5.x before 3.5.9, and 3.6.x before
3.6.2, and SeaMonkey before 2.0.4, frees the contents of the
window.navigator.plugins array while a reference to an array element is
still active, which allows remote attackers to execute arbitrary code or
cause a denial of service (application crash) via unspecified vectors,
related to a "dangling pointer vulnerability."

CVE-2010-0178

Mozilla Firefox before 3.0.19, 3.5.x before 3.5.9, and 3.6.x before
3.6.2, and SeaMonkey before 2.0.4, does not prevent applets from
interpreting mouse clicks as drag-and-drop actions, which allows remote
attackers to execute arbitrary JavaScript with Chrome privileges by
loading a chrome: URL and then loading a javascript: URL.

CVE-2010-0179

Mozilla Firefox before 3.0.19 and 3.5.x before 3.5.8, and SeaMonkey
before 2.0.3, when the XMLHttpRequestSpy module in the Firebug add-on is
used, does not properly handle interaction between the XMLHttpRequestSpy
object and chrome privileged objects, which allows remote attackers to
execute arbitrary JavaScript via a crafted HTTP response.

CVE-2010-0181

Mozilla Firefox before 3.5.9 and 3.6.x before 3.6.2, and SeaMonkey
before 2.0.4, executes a mail application in situations where an IMG
element has a SRC attribute that is a redirect to a mailto: URL, which
allows remote attackers to cause a denial of service (excessive
application launches) via an HTML document with many images.

CVE-2010-1125

The JavaScript implementation in Mozilla Firefox 3.x before 3.5.10 and
3.6.x before 3.6.4, and SeaMonkey before 2.0.5, allows remote attackers
to send selected keystrokes to a form field in a hidden frame, instead
of the intended form field in a visible frame, via certain calls to the
focus method.

CVE-2010-1196

Integer overflow in the nsGenericDOMDataNode::SetTextInternal function
in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4,
Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 allows remote
attackers to execute arbitrary code via a DOM node with a long text
value that triggers a heap-based buffer overflow.

CVE-2010-1197

Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, and
SeaMonkey before 2.0.5, does not properly handle situations in which
both "Content-Disposition: attachment" and "Content-Type: multipart" are
present in HTTP headers, which allows remote attackers to conduct
cross-site scripting (XSS) attacks via an uploaded HTML document.

CVE-2010-1198

Use-after-free vulnerability in Mozilla Firefox 3.5.x before 3.5.10 and
3.6.x before 3.6.4, and SeaMonkey before 2.0.5, allows remote attackers
to execute arbitrary code via vectors involving multiple plugin
instances.

CVE-2010-1199

Integer overflow in the XSLT node sorting implementation in Mozilla
Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, Thunderbird before
3.0.5, and SeaMonkey before 2.0.5 allows remote attackers to execute
arbitrary code via a large text value for a node.

CVE-2010-1200

Multiple unspecified vulnerabilities in the browser engine in
Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, Thunderbird
before 3.0.5, and SeaMonkey before 2.0.5 allow remote attackers to cause
a denial of service (memory corruption and application crash) or
possibly execute arbitrary code via unknown vectors.

CVE-2010-1201

Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x
before 3.5.10, Thunderbird before 3.0.5, and SeaMonkey before 2.0.5
allows remote attackers to cause a denial of service (memory corruption
and application crash) or possibly execute arbitrary code via unknown
vectors.

CVE-2010-1202

Multiple unspecified vulnerabilities in the JavaScript engine in Mozilla
Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, Thunderbird before
3.0.5, and SeaMonkey before 2.0.5 allow remote attackers to cause a
denial of service (memory corruption and application crash) or possibly
execute arbitrary code via unknown vectors.

For the lenny-backports distribution the problems have been fixed in
version 1.9.1.10-1~bpo50+1.

For the squeeze and sid distributions the problems have been fixed in
version 1.9.1.10-1.

Upgrade instructions

If you don't use pinning (see [1]) you have to update the package
manually via "apt-get -t lenny-backports install <packagelist>" with
the packagelist of your installed packages affected by this update.
[1] <http://backports.org/dokuwiki/doku.php?id=instructions&gt;

We recommend to pin the backports repository to 200 so that new
versions of installed backports will be installed automatically.

Package: *
Pin: release a=lenny-backports
Pin-Priority: 200

Attachment:
signature.asc
Description: Digital signature

CVSS2

10

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

EPSS

0.889

Percentile

98.8%