Lucene search

K

RedHat Update for xulrunner RHSA-2010:0809-01

πŸ—“οΈΒ 04 Nov 2010Β 00:00:00Reported byΒ Copyright (c) 2010 Greenbone Networks GmbHTypeΒ 
openvas
Β openvas
πŸ”—Β plugins.openvas.orgπŸ‘Β 15Β Views

RedHat Update for xulrunner provides the XUL Runtime environment for applications using the Gecko layout engine. An update is available for a race condition flaw that could cause an application linked against XULRunner to crash or execute arbitrary code

Show more
Related
Refs
Code
ReporterTitlePublishedViews
Family
Packet Storm
Firefox Interleaving Denial Of Service
28 Oct 201000:00
–packetstorm
Packet Storm
Mozilla Firefox Interleaving document.write / appendChild Code Execution
19 Feb 201100:00
–packetstorm
Packet Storm
Firefox Memory Corruption
29 Oct 201000:00
–packetstorm
securityvulns
Mozilla Foundation Security Advisory 2010-73
1 Nov 201000:00
–securityvulns
securityvulns
Mozilla Firefox / Thunderbird / Seamonkey buffer overflow
1 Nov 201000:00
–securityvulns
Ubuntu
Xulrunner vulnerability
29 Oct 201000:00
–ubuntu
Ubuntu
Firefox vulnerability
28 Oct 201000:00
–ubuntu
Ubuntu
Thunderbird vulnerability
28 Oct 201000:00
–ubuntu
0day.today
Firefox Memory Corruption Proof of Concept (Simplified)
29 Oct 201000:00
–zdt
Cent OS
firefox security update
28 Oct 201022:36
–centos
Rows per page
###############################################################################
# OpenVAS Vulnerability Test
#
# RedHat Update for xulrunner RHSA-2010:0809-01
#
# Authors:
# System Generated Check
#
# Copyright:
# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################

include("revisions-lib.inc");
tag_insight = "XULRunner provides the XUL Runtime environment for applications using the
  Gecko layout engine.

  A race condition flaw was found in the way XULRunner handled Document
  Object Model (DOM) element properties. Malicious HTML content could cause
  an application linked against XULRunner (such as Firefox) to crash or,
  potentially, execute arbitrary code with the privileges of the user running
  the application. (CVE-2010-3765)

  For technical details regarding this flaw, refer to the Mozilla security
  advisories for Firefox 3.6.12. You can find a link to the Mozilla
  advisories in the References section of this erratum.

  All XULRunner users should upgrade to these updated packages, which contain
  a backported patch to correct this issue. After installing the update,
  applications using XULRunner must be restarted for the changes to take
  effect.";

tag_affected = "xulrunner on Red Hat Enterprise Linux (v. 5 server)";
tag_solution = "Please Install the Updated Packages.";


if(description)
{
  script_xref(name : "URL" , value : "https://www.redhat.com/archives/rhsa-announce/2010-October/msg00032.html");
  script_oid("1.3.6.1.4.1.25623.1.0.870354");
  script_version("$Revision: 8469 $");
  script_tag(name:"last_modification", value:"$Date: 2018-01-19 08:58:21 +0100 (Fri, 19 Jan 2018) $");
  script_tag(name:"creation_date", value:"2010-11-04 12:09:38 +0100 (Thu, 04 Nov 2010)");
  script_tag(name:"cvss_base", value:"9.3");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_xref(name: "RHSA", value: "2010:0809-01");
  script_cve_id("CVE-2010-3765");
  script_name("RedHat Update for xulrunner RHSA-2010:0809-01");

  script_tag(name: "summary" , value: "Check for the Version of xulrunner");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (c) 2010 Greenbone Networks GmbH");
  script_family("Red Hat Local Security Checks");
  script_dependencies("gather-package-list.nasl");
  script_mandatory_keys("ssh/login/rhel", "ssh/login/rpms");
  script_tag(name : "affected" , value : tag_affected);
  script_tag(name : "solution" , value : tag_solution);
  script_tag(name : "insight" , value : tag_insight);
  script_tag(name:"qod_type", value:"package");
  script_tag(name:"solution_type", value:"VendorFix");
  exit(0);
}


include("pkg-lib-rpm.inc");

release = get_kb_item("ssh/login/release");


res = "";
if(release == NULL){
  exit(0);
}

if(release == "RHENT_5")
{

  if ((res = isrpmvuln(pkg:"xulrunner", rpm:"xulrunner~1.9.2.11~4.el5_5", rls:"RHENT_5")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"xulrunner-debuginfo", rpm:"xulrunner-debuginfo~1.9.2.11~4.el5_5", rls:"RHENT_5")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"xulrunner-devel", rpm:"xulrunner-devel~1.9.2.11~4.el5_5", rls:"RHENT_5")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if (__pkg_match) exit(99); # Not vulnerable.
  exit(0);
}

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. ContactΒ us for a demo andΒ discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo