xulrunner - arbitrary code execution

2008-04-2400:00:00

Google

osv.dev

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

JSON

It was discovered that crashes in the Javascript engine of xulrunner,
the Gecko engine library, could potentially lead to the execution of
arbitrary code.

For the stable distribution (etch), this problem has been fixed in
version 1.8.0.15~pre080323b-0etch2.

For the unstable distribution (sid), this problem has been fixed in
version 1.8.1.14-1.

We recommend that you upgrade your xulrunner packages.

CPENameOperatorVersion
xulrunnereq1.8.0.14~pre071019b-0lenny1
xulrunnereq1.8.0.12-0etch1
xulrunnereq1.8.0.15~pre080131b-0etch1
xulrunnereq1.8.0.13~pre070720-0etch3+lenny1
xulrunnereq1.8.0.15~pre080323b-0etch1
xulrunnereq1.8.0.11-2
xulrunnereq1.8.0.13~pre070720-0etch1
xulrunnereq1.8.0.11-3
xulrunnereq1.8.0.14~pre071019b-0etch1
xulrunnereq1.8.0.11-4.1

Name	Operator	Version
xulrunner	eq	1.8.0.14~pre071019b-0lenny1
xulrunner	eq	1.8.0.12-0etch1
xulrunner	eq	1.8.0.15~pre080131b-0etch1
xulrunner	eq	1.8.0.13~pre070720-0etch3+lenny1
xulrunner	eq	1.8.0.15~pre080323b-0etch1
xulrunner	eq	1.8.0.11-2
xulrunner	eq	1.8.0.13~pre070720-0etch1
xulrunner	eq	1.8.0.11-3
xulrunner	eq	1.8.0.14~pre071019b-0etch1
xulrunner	eq	1.8.0.11-4.1