OSV:DSA-2027-1
Apr 03, 2010 - 12:00 a.m.

xulrunner - several vulnerabilities

Source: Google (osv.dev)

CVSS2: 10 High

  • Access Vector: NETWORK
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: COMPLETE
  • Integrity Impact: COMPLETE
  • Availability Impact: COMPLETE

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Several remote vulnerabilities have been discovered in Xulrunner, a
runtime environment for XUL applications, such as the Iceweasel web
browser. The Common Vulnerabilities and Exposures project identifies
the following problems:

  • CVE-2010-0174
    Jesse Ruderman and Ehsan Akhgari discovered crashes in the layout
    engine, which might allow the execution of arbitrary code.
  • CVE-2010-0175
    It was discovered that incorrect memory handling in the XUL event
    handler might allow the execution of arbitrary code.
  • CVE-2010-0176
    It was discovered that incorrect memory handling in the XUL event
    handler might allow the execution of arbitrary code.
  • CVE-2010-0177
    It was discovered that incorrect memory handling in the plugin code
    might allow the execution of arbitrary code.
  • CVE-2010-0178
    Paul Stone discovered that forced drag-and-drop events could lead to
    Chrome privilege escalation.
  • CVE-2010-0179
    It was discovered that a programming error in the XMLHttpRequestSpy
    module could lead to the execution of arbitrary code.

For the stable distribution (lenny), these problems have been fixed in
version 1.9.0.19-1.

For the unstable distribution (sid), these problems will be fixed soon.

We recommend that you upgrade your xulrunner packages.
