Lucene search

K
osvGoogleOSV:DSA-1669-1
HistoryNov 23, 2008 - 12:00 a.m.

xulrunner - several vulnerabilities

2008-11-2300:00:00
Google
osv.dev
5

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.963 High

EPSS

Percentile

99.3%

Several remote vulnerabilities have been discovered in Xulrunner, a
runtime environment for XUL applications. The Common Vulnerabilities
and Exposures project identifies the following problems:

  • CVE-2008-0016
    Justin Schuh, Tom Cross and Peter Williams discovered a buffer
    overflow in the parser for UTF-8 URLs, which may lead to the
    execution of arbitrary code.
  • CVE-2008-3835
    “moz_bug_r_a4” discovered that the same-origin check in
    nsXMLDocument::OnChannelRedirect() could by bypassed.
  • CVE-2008-3836
    “moz_bug_r_a4” discovered that several vulnerabilities in
    feedWriter could lead to Chrome privilege escalation.
  • CVE-2008-3837
    Paul Nickerson discovered that an attacker could move windows
    during a mouse click, resulting in unwanted action triggered by
    drag-and-drop.
  • CVE-2008-4058
    “moz_bug_r_a4” discovered a vulnerability which can result in
    Chrome privilege escalation through XPCNativeWrappers.
  • CVE-2008-4059
    “moz_bug_r_a4” discovered a vulnerability which can result in
    Chrome privilege escalation through XPCNativeWrappers.
  • CVE-2008-4060
    Olli Pettay and “moz_bug_r_a4” discovered a Chrome privilege
    escalation vulnerability in XSLT handling.
  • CVE-2008-4061
    Jesse Ruderman discovered a crash in the layout engine, which might
    allow the execution of arbitrary code.
  • CVE-2008-4062
    Igor Bukanov, Philip Taylor, Georgi Guninski and Antoine Labour
    discovered crashes in the Javascript engine, which might allow the
    execution of arbitrary code.
  • CVE-2008-4065
    Dave Reed discovered that some Unicode byte order marks are
    stripped from Javascript code before execution, which can result in
    code being executed, which were otherwise part of a quoted string.
  • CVE-2008-4066
    Gareth Heyes discovered that some Unicode surrogate characters are
    ignored by the HTML parser.
  • CVE-2008-4067
    Boris Zbarsky discovered that resource: URls allow directory
    traversal when using URL-encoded slashes.
  • CVE-2008-4068
    Georgi Guninski discovered that resource: URLs could bypass local
    access restrictions.
  • CVE-2008-4069
    Billy Hoffman discovered that the XBM decoder could reveal
    uninitialised memory.
  • CVE-2008-4582
    Liu Die Yu discovered an information leak through local shortcut
    files.
  • CVE-2008-5012
    Georgi Guninski, Michal Zalewski and Chris Evan discovered that
    the canvas element could be used to bypass same-origin
    restrictions.
  • CVE-2008-5013
    It was discovered that insufficient checks in the Flash plugin glue
    code could lead to arbitrary code execution.
  • CVE-2008-5014
    Jesse Ruderman discovered that a programming error in the
    window.__proto__.__proto__ object could lead to arbitrary code
    execution.
  • CVE-2008-5017
    It was discovered that crashes in the layout engine could lead to
    arbitrary code execution.
  • CVE-2008-5018
    It was discovered that crashes in the Javascript engine could lead to
    arbitrary code execution.
  • CVE-2008-0017
    Justin Schuh discovered that a buffer overflow in http-index-format
    parser could lead to arbitrary code execution.
  • CVE-2008-5021
    It was discovered that a crash in the nsFrameManager might lead to
    the execution of arbitrary code.
  • CVE-2008-5022
    “moz_bug_r_a4” discovered that the same-origin check in
    nsXMLHttpRequest::NotifyEventListeners() could be bypassed.
  • CVE-2008-5023
    Collin Jackson discovered that the -moz-binding property bypasses
    security checks on codebase principals.
  • CVE-2008-5024
    Chris Evans discovered that quote characters were improperly
    escaped in the default namespace of E4X documents.

For the stable distribution (etch), these problems have been fixed in
version 1.8.0.15~pre080614h-0etch1. Packages for mips will be provided
later.

For the upcoming stable distribution (lenny) and the unstable
distribution (sid), these problems have been fixed in version 1.9.0.4-1.

We recommend that you upgrade your xulrunner packages.

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.963 High

EPSS

Percentile

99.3%