RedHat Update for xulrunner provides the XUL Runtime environment for applications using the Gecko layout engine. An update is available for a race condition flaw that could cause an application linked against XULRunner to crash or execute arbitrary code
Reporter | Title | Published | Views | Family All 199 |
---|---|---|---|---|
![]() | Firefox Interleaving Denial Of Service | 28 Oct 201000:00 | β | packetstorm |
![]() | Mozilla Firefox Interleaving document.write / appendChild Code Execution | 19 Feb 201100:00 | β | packetstorm |
![]() | Firefox Memory Corruption | 29 Oct 201000:00 | β | packetstorm |
![]() | Mozilla Foundation Security Advisory 2010-73 | 1 Nov 201000:00 | β | securityvulns |
![]() | Mozilla Firefox / Thunderbird / Seamonkey buffer overflow | 1 Nov 201000:00 | β | securityvulns |
![]() | Xulrunner vulnerability | 29 Oct 201000:00 | β | ubuntu |
![]() | Firefox vulnerability | 28 Oct 201000:00 | β | ubuntu |
![]() | Thunderbird vulnerability | 28 Oct 201000:00 | β | ubuntu |
![]() | Firefox Memory Corruption Proof of Concept (Simplified) | 29 Oct 201000:00 | β | zdt |
![]() | firefox security update | 28 Oct 201022:36 | β | centos |
Source | Link |
---|---|
redhat | www.redhat.com/archives/rhsa-announce/2010-October/msg00032.html |
###############################################################################
# OpenVAS Vulnerability Test
#
# RedHat Update for xulrunner RHSA-2010:0809-01
#
# Authors:
# System Generated Check
#
# Copyright:
# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
include("revisions-lib.inc");
tag_insight = "XULRunner provides the XUL Runtime environment for applications using the
Gecko layout engine.
A race condition flaw was found in the way XULRunner handled Document
Object Model (DOM) element properties. Malicious HTML content could cause
an application linked against XULRunner (such as Firefox) to crash or,
potentially, execute arbitrary code with the privileges of the user running
the application. (CVE-2010-3765)
For technical details regarding this flaw, refer to the Mozilla security
advisories for Firefox 3.6.12. You can find a link to the Mozilla
advisories in the References section of this erratum.
All XULRunner users should upgrade to these updated packages, which contain
a backported patch to correct this issue. After installing the update,
applications using XULRunner must be restarted for the changes to take
effect.";
tag_affected = "xulrunner on Red Hat Enterprise Linux (v. 5 server)";
tag_solution = "Please Install the Updated Packages.";
if(description)
{
script_xref(name : "URL" , value : "https://www.redhat.com/archives/rhsa-announce/2010-October/msg00032.html");
script_oid("1.3.6.1.4.1.25623.1.0.870354");
script_version("$Revision: 8469 $");
script_tag(name:"last_modification", value:"$Date: 2018-01-19 08:58:21 +0100 (Fri, 19 Jan 2018) $");
script_tag(name:"creation_date", value:"2010-11-04 12:09:38 +0100 (Thu, 04 Nov 2010)");
script_tag(name:"cvss_base", value:"9.3");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:C/I:C/A:C");
script_xref(name: "RHSA", value: "2010:0809-01");
script_cve_id("CVE-2010-3765");
script_name("RedHat Update for xulrunner RHSA-2010:0809-01");
script_tag(name: "summary" , value: "Check for the Version of xulrunner");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (c) 2010 Greenbone Networks GmbH");
script_family("Red Hat Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/rhel", "ssh/login/rpms");
script_tag(name : "affected" , value : tag_affected);
script_tag(name : "solution" , value : tag_solution);
script_tag(name : "insight" , value : tag_insight);
script_tag(name:"qod_type", value:"package");
script_tag(name:"solution_type", value:"VendorFix");
exit(0);
}
include("pkg-lib-rpm.inc");
release = get_kb_item("ssh/login/release");
res = "";
if(release == NULL){
exit(0);
}
if(release == "RHENT_5")
{
if ((res = isrpmvuln(pkg:"xulrunner", rpm:"xulrunner~1.9.2.11~4.el5_5", rls:"RHENT_5")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"xulrunner-debuginfo", rpm:"xulrunner-debuginfo~1.9.2.11~4.el5_5", rls:"RHENT_5")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"xulrunner-devel", rpm:"xulrunner-devel~1.9.2.11~4.el5_5", rls:"RHENT_5")) != NULL)
{
security_message(data:res);
exit(0);
}
if (__pkg_match) exit(99); # Not vulnerable.
exit(0);
}
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. ContactΒ us for a demo andΒ discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo