xulrunner - several vulnerabilities

Several remote vulnerabilities have been discovered in Xulrunner, a
runtime environment for XUL applications, such as the Iceweasel web
browser. The Common Vulnerabilities and Exposures project identifies
the following problems:

• CVE-2009-3380
  Vladimir Vukicevic, Jesse Ruderman, Martijn Wargers, Daniel
  Banchero, David Keeler and Boris Zbarsky reported crashes in
  layout engine, which might allow the execution of arbitrary code.
• CVE-2009-3382
  Carsten Book reported a crash in the layout engine, which might
  allow the execution of arbitrary code.
• CVE-2009-3376
  Jesse Ruderman and Sid Stamm discovered spoofing vulnerability
  in the file download dialog.
• CVE-2009-3375
  Gregory Fleischer discovered a bypass of the same-origin policy
  using the document.getSelection() function.
• CVE-2009-3374
  “moz_bug_r_a4” discovered a privilege escalation to Chrome status
  in the XPCOM utility XPCVariant::VariantDataToJS.
• CVE-2009-3373
  “regenrecht” discovered a buffer overflow in the GIF parser, which
  might lead to the execution of arbitrary code.
• CVE-2009-3372
  Marco C. discovered that a programming error in the proxy auto
  configuration code might lead to denial of service or the
  execution of arbitrary code.
• CVE-2009-3274
  Jeremy Brown discovered that the filename of a downloaded file
  which is opened by the user is predictable, which might lead to
  tricking the user into a malicious file if the attacker has local
  access to the system.
• CVE-2009-3370
  Paul Stone discovered that history information from web forms
  could be stolen.

For the stable distribution (lenny), these problems have been fixed
in version 1.9.0.15-0lenny1.

As indicated in the Etch
release notes, security support for the Mozilla products in the oldstable
distribution needed to be stopped before the end of the regular Etch security
maintenance life cycle. You are strongly encouraged to upgrade to stable or
switch to a still supported browser.

For the unstable distribution (sid), these problems have been fixed in
version 1.9.1.4-1.

We recommend that you upgrade your xulrunner packages.