OSV:DSA-2106-1 (Google, osv.dev)
Sep 08, 2010 - 12:00 a.m.

xulrunner - several vulnerabilities


EPSS: 0.638 (percentile: 97.9%)

Several remote vulnerabilities have been discovered in Xulrunner, a
runtime environment for XUL applications. The Common Vulnerabilities
and Exposures project identifies the following problems:

  • CVE-2010-2760, CVE-2010-3167, CVE-2010-3168
    Implementation errors in XUL processing allow the execution of arbitrary
    code.
  • CVE-2010-2763
    An implementation error in the XPCSafeJSObjectWrapper wrapper allows the
    bypass of the same origin policy.
  • CVE-2010-2765
    An integer overflow in frame handling allows the execution of arbitrary
    code.
  • CVE-2010-2766
    An implementation error in DOM handling allows the execution of arbitrary
    code.
  • CVE-2010-2767
    Incorrect pointer handling in the plugin code allows the execution of
    arbitrary code.
  • CVE-2010-2768
    Incorrect handling of an object tag may lead to the bypass of cross
    site scripting filters.
  • CVE-2010-2769
    Incorrect copy and paste handling could lead to cross site scripting.
  • CVE-2010-3169
    Crashes in the layout engine may lead to the execution of arbitrary
    code.

For the stable distribution (lenny), these problems have been fixed in
version 1.9.0.19-4.

For the unstable distribution (sid), these problems have been fixed in
version 3.5.12-1 of the iceweasel source package (which now builds the
xulrunner library binary packages).

For the experimental distribution, these problems have been fixed in
version 3.6.9-1 of the iceweasel source package (which now builds the
xulrunner library binary packages).

We recommend that you upgrade your xulrunner packages.