Lucene search
GoogleOSV:DSA-1392-1HistoryOct 20, 2007 - 12:00 a.m.
xulrunner - several vulnerabilities
2007-10-2000:00:00
Google
osv.dev
20
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
Several remote vulnerabilities have been discovered in Xulrunner, a
runtime environment for XUL applications. The Common Vulnerabilities
and Exposures project identifies the following problems:
- CVE-2007-1095
Michal Zalewski discovered that the unload event handler had access to
the address of the next page to be loaded, which could allow information
disclosure or spoofing. - CVE-2007-2292
Stefano Di Paola discovered that insufficient validation of user names
used in Digest authentication on a web site allows HTTP response splitting
attacks. - CVE-2007-3511
It was discovered that insecure focus handling of the file upload
control can lead to information disclosure. This is a variant of
CVE-2006-2894. - CVE-2007-5334
Eli Friedman discovered that web pages written in Xul markup can hide the
titlebar of windows, which can lead to spoofing attacks. - CVE-2007-5337
Georgi Guninski discovered the insecure handling of smb:// and sftp:// URI
schemes may lead to information disclosure. This vulnerability is only
exploitable if Gnome-VFS support is present on the system. - CVE-2007-5338
moz_bug_r_a4 discovered that the protection scheme offered by XPCNativeWrappers
could be bypassed, which might allow privilege escalation. - CVE-2007-5339
L. David Baron, Boris Zbarsky, Georgi Guninski, Paul Nickerson, Olli Pettay,
Jesse Ruderman, Vladimir Sukhoy, Daniel Veditz, and Martijn Wargers discovered
crashes in the layout engine, which might allow the execution of arbitrary code. - CVE-2007-5340
Igor Bukanov, Eli Friedman, and Jesse Ruderman discovered crashes in the
JavaScript engine, which might allow the execution of arbitrary code.
The oldstable distribution (sarge) doesnโt contain xulrunner.
For the stable distribution (etch) these problems have been fixed in version
1.8.0.14~pre071019b-0etch1. Builds for hppa and mipsel will be provided later.
For the unstable distribution (sid) these problems will be fixed soon.
We recommend that you upgrade your xulrunner packages.
References
Related
osv
osv
iceape - several vulnerabilities
2007-11-05 00:00:00
iceweasel
2007-10-27 00:00:00
icedove - several vulnerabilities
2007-10-19 00:00:00
nessus
nessus
Ubuntu 6.06 LTS / 6.10 / 7.04 / 7.10 : mozilla-thunderbird, thunderbird vulnerabilities (USN-536-1)
2007-11-10 00:00:00
Debian DSA-1401-1 : iceape - several vulnerabilities
2007-11-06 00:00:00
Debian DSA-1396-1 : iceweasel - several vulnerabilities
2007-10-30 00:00:00
openvas
openvas
Debian Security Advisory DSA 1401-1 (iceape)
2008-01-17 00:00:00
Debian Security Advisory DSA 1396-1 (icedove)
2008-01-17 00:00:00
Debian: Security Advisory (DSA-1401-1)
2008-01-17 00:00:00
debian
debian
[SECURITY] [DSA 1396-1] New iceweasel packages fix several vulnerabilities
2007-10-27 11:54:56
[SECURITY] [DSA 1401-1] New iceape packages fix several vulnerabilities
2007-11-05 23:44:32
[SECURITY] [DSA 1392-1] New xulrunner packages fix several vulnerabilities
2007-10-20 11:56:10
ubuntu
ubuntu
Thunderbird vulnerabilities
2007-10-23 00:00:00
Firefox vulnerabilities
2007-10-22 00:00:00
securityvulns
securityvulns
Mozilla Firefox /Thunderbird / Seamonkey multiple security vulnerabilities
2007-10-23 00:00:00
Mozilla Foundation Security Advisory 2007-29
2007-10-23 00:00:00
Mozilla Foundation Security Advisory 2007-32
2007-10-23 00:00:00
fedora
fedora
[SECURITY] Fedora 8 Update: seamonkey-1.1.5-2.fc8
2007-11-06 16:05:16
[SECURITY] Fedora 8 Update: thunderbird-2.0.0.9-1.fc8
2007-11-16 00:39:02
[SECURITY] Fedora 7 Update: thunderbird-2.0.0.9-1.fc7
2007-11-16 00:41:37
redhat
redhat
(RHSA-2007:0979) Critical: firefox security update
2007-10-19 00:00:00
(RHSA-2007:0981) Moderate: thunderbird security update
2007-10-19 00:00:00
(RHSA-2007:0980) Critical: seamonkey security update
2007-10-19 00:00:00
oraclelinux
oraclelinux
Critical: firefox security update
2007-10-20 00:00:00
Critical: seamonkey security update
2007-10-20 00:00:00
Moderate: thunderbird security update
2007-10-20 00:00:00
centos
centos
thunderbird security update
2007-10-20 18:06:21
firefox security update
2007-10-20 18:08:04
seamonkey security update
2007-10-19 22:39:36
gentoo
gentoo
Mozilla Firefox, SeaMonkey, XULRunner: Multiple vulnerabilities
2007-11-12 00:00:00
Mozilla Thunderbird: Multiple vulnerabilities
2007-11-18 00:00:00
seebug
seebug
Mozilla Firefox 2.0.0.7ๅคไธช่ฟ็จๅฎๅ
จๆผๆด
2007-10-23 00:00:00
IEๅFirefoxๆต่งๅจDigest่ฎค่ฏ่ฏทๆฑๆๅๆผๆด
2007-10-24 00:00:00
suse
suse
remote code execution in MozillaFirefox,mozilla,seamonkey
2007-10-25 18:13:14
freebsd
freebsd
firefox -- OnUnload Javascript browser entrapment vulnerability
2007-10-19 00:00:00
mozilla
mozilla
Crashes with evidence of memory corruption (rv:1.8.1.8) โ Mozilla
2007-10-18 00:00:00
File input focus stealing vulnerability โ Mozilla
2007-10-18 00:00:00
Possible file stealing through sftp protocol โ Mozilla
2007-10-18 00:00:00
cert
cert
Mozilla XUL web applications may hide the titlebar
2007-10-19 00:00:00
Mozilla products vulnerable to memory corruption in the browser engine
2007-10-19 00:00:00
Mozilla products vulnerable to memory corruption in the JavaScript engine
2007-10-19 00:00:00
veracode
veracode
Denial Of Service (DoS)
2020-04-10 00:20:21
Denial Of Service (DoS)
2020-04-10 00:20:22
HTTP Request-splitting
2020-04-10 00:20:20
checkpoint_advisories
checkpoint_advisories
ubuntucve
ubuntucve
cve
cve
prion
prion
Code injection
2007-10-21 20:17:00
Design/Logic Flaw
2007-10-21 20:17:00
Crlf injection
2007-04-26 20:19:00
slackware
slackware
[slackware-security] mozilla-thunderbird
2007-11-21 00:24:34
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
Related for OSV:DSA-1392-1