Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
osvGoogleOSV:DSA-1956-1
HistoryDec 16, 2009 - 12:00 a.m.

xulrunner - several vulnerabilities

2009-12-1600:00:00
Google
osv.dev
24

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

JSON

Several remote vulnerabilities have been discovered in Xulrunner, a
runtime environment for XUL applications, such as the Iceweasel web
browser. The Common Vulnerabilities and Exposures project identifies
the following problems:

David James discovered that the window.opener property allows Chrome
privilege escalation.

Jordi Chanel discovered a spoofing vulnerability of the URL location bar
using the document.location property.

Jonathan Morgan discovered that the icon indicating a secure connection
could be spoofed through the document.location property.

Takehiro Takahashi discovered that the NTLM implementation is vulnerable
to reflection attacks.

Jesse Ruderman discovered a crash in the layout engine, which might allow
the execution of arbitrary code.

Jesse Ruderman, Josh Soref, Martijn Wargers, Jose Angel and Olli Pettay
discovered crashes in the layout engine, which might allow the execution
of arbitrary code.

For the stable distribution (lenny), these problems have been fixed in
version 1.9.0.16-1.

For the unstable distribution (sid), these problems have been fixed in
version 1.9.1.6-1.

We recommend that you upgrade your xulrunner packages.

Related

openvas 65
nessus 47
oraclelinux 3
ubuntu 5
debian 1
centos 2
redhat 2
freebsd 2
fedora 31
suse 1
securityvulns 5
mozilla 4
veracode 6
ubuntucve 6
cve 6
prion 6
exploitpack 1
packetstorm 1
seebug 4
exploitdb 1
openvas
openvas
Ubuntu USN-873-1 (xulrunner-1.9)
2009-12-30 00:00:00
Ubuntu Update for firefox-3.0, xulrunner-1.9 regression USN-877-1
2010-01-15 00:00:00
Debian: Security Advisory (DSA-1956-1)
2009-12-30 00:00:00
nessus
nessus
openSUSE Security Update : MozillaFirefox (MozillaFirefox-1727)
2009-12-23 00:00:00
openSUSE Security Update : MozillaFirefox (MozillaFirefox-1727)
2009-12-23 00:00:00
CentOS 4 / 5 : firefox (CESA-2009:1674)
2009-12-21 00:00:00
oraclelinux
oraclelinux
firefox security update
2009-12-16 00:00:00
seamonkey security update
2009-12-16 00:00:00
thunderbird security update
2010-03-17 00:00:00
ubuntu
ubuntu
Firefox 3.0 and Xulrunner 1.9 regression
2010-01-08 00:00:00
Firefox 3.0 and Xulrunner 1.9 vulnerabilities
2009-12-18 00:00:00
Firefox 3.5 and Xulrunner 1.9.1 regression
2010-01-08 00:00:00
debian
debian
[SECURITY] [DSA 1956-1] New xulrunner packages fix several vulnerabilities
2009-12-16 21:15:39
centos
centos
firefox, xulrunner security update
2009-12-18 02:04:10
seamonkey security update
2009-12-18 19:04:27
redhat
redhat
(RHSA-2009:1674) Critical: firefox security update
2009-12-16 00:00:00
(RHSA-2009:1673) Critical: seamonkey security update
2009-12-15 00:00:00
freebsd
freebsd
mozilla -- multiple vulnerabilities
2009-12-16 00:00:00
mozilla -- multiple vulnerabilities
2010-03-16 00:00:00
fedora
fedora
[SECURITY] Fedora 12 Update: seamonkey-2.0.1-1.fc12
2009-12-18 04:36:12
[SECURITY] Fedora 11 Update: xulrunner-1.9.1.6-1.fc11
2009-12-18 04:32:41
[SECURITY] Fedora 11 Update: firefox-3.5.6-1.fc11
2009-12-18 04:32:41
suse
suse
remote code execution in MozillaFirefox
2009-12-22 15:19:49
securityvulns
securityvulns
Mozilla Firefox multiple security vulnerabilities
2009-12-17 00:00:00
Mozilla Foundation Security Advisory 2009-69
2009-12-17 00:00:00
Mozilla Foundation Security Advisory 2009-65
2009-12-17 00:00:00
mozilla
mozilla
Location bar spoofing vulnerabilities — Mozilla
2009-12-15 00:00:00
Crashes with evidence of memory corruption (rv:1.9.1.6/ 1.9.0.16) — Mozilla
2009-12-15 00:00:00
NTLM reflection vulnerability — Mozilla
2009-12-15 00:00:00
veracode
veracode
Denial Of Service (DoS)
2020-04-10 00:40:51
Arbitrary Code Execution
2020-04-10 00:41:40
Spoofed Content Association
2020-04-10 00:41:43
ubuntucve
ubuntucve
CVE-2009-3983
2009-12-15 00:00:00
CVE-2009-3979
2009-12-15 00:00:00
CVE-2009-3981
2009-12-15 00:00:00
cve
cve
CVE-2009-3983
2009-12-17 17:30:00
CVE-2009-3979
2009-12-17 17:30:00
CVE-2009-3981
2009-12-17 17:30:00
prion
prion
Memory corruption
2009-12-17 17:30:00
Design/Logic Flaw
2009-12-17 17:30:00
Memory corruption
2009-12-17 17:30:00
exploitpack
exploitpack
Mozilla Firefox - Location Bar Spoofing
2009-12-18 00:00:00
packetstorm
packetstorm
Mozilla Firefox Location Bar Spoof
2009-12-18 00:00:00
seebug
seebug
Firefox内容注入网页欺骗漏洞
2009-12-18 00:00:00
Mozilla Firefox Location Bar Spoofing Vulnerability
2009-12-18 00:00:00
Firefox window.opener属性Chrome权限提升漏洞
2009-12-20 00:00:00
exploitdb
exploitdb
Mozilla Firefox - Location Bar Spoofing
2009-12-18 00:00:00

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

JSON
Related for OSV:DSA-1956-1
openvas65nessus47oraclelinux3ubuntu5debian1centos2redhat2freebsd2fedora31suse1securityvulns5mozilla4veracode6ubuntucve6cve6prion6exploitpack1packetstorm1seebug4exploitdb1