Lucene search

K
osvGoogleOSV:DSA-2124-1
HistoryNov 01, 2010 - 12:00 a.m.

xulrunner - several vulnerabilities

2010-11-0100:00:00
Google
osv.dev
36

EPSS

0.969

Percentile

99.8%

Several vulnerabilities have been discovered in Xulrunner, the
component that provides the core functionality of Iceweasel, Debian’s
variant of Mozilla’s browser technology.

The Common Vulnerabilities and Exposures project identifies the
following problems:

  • CVE-2010-3765
    Xulrunner allows remote attackers to execute arbitrary code
    via vectors related to nsCSSFrameConstructor::ContentAppended,
    the appendChild method, incorrect index tracking, and the
    creation of multiple frames, which triggers memory corruption.
  • CVE-2010-3174
    CVE-2010-3176
    Multiple unspecified vulnerabilities in the browser engine in
    Xulrunner allow remote attackers to cause a denial of service
    (memory corruption and application crash) or possibly execute
    arbitrary code via unknown vectors.
  • CVE-2010-3177
    Multiple cross-site scripting (XSS) vulnerabilities in the
    Gopher parser in Xulrunner allow remote attackers to inject
    arbitrary web script or HTML via a crafted name of a (1) file
    or (2) directory on a Gopher server.
  • CVE-2010-3178
    Xulrunner does not properly handle certain modal calls made by
    javascript: URLs in circumstances related to opening a new
    window and performing cross-domain navigation, which allows
    remote attackers to bypass the Same Origin Policy via a
    crafted HTML document.
  • CVE-2010-3179
    Stack-based buffer overflow in the text-rendering
    functionality in Xulrunner allows remote attackers to execute
    arbitrary code or cause a denial of service (memory corruption
    and application crash) via a long argument to the
    document.write method.
  • CVE-2010-3180
    Use-after-free vulnerability in the nsBarProp function in
    Xulrunner allows remote attackers to execute arbitrary code by
    accessing the locationbar property of a closed window.
  • CVE-2010-3183
    The LookupGetterOrSetter function in Xulrunner does not
    properly support window.__lookupGetter__ function calls that
    lack arguments, which allows remote attackers to execute
    arbitrary code or cause a denial of service (incorrect pointer
    dereference and application crash) via a crafted HTML
    document.

In addition, this security update includes corrections for regressions
caused by the fixes for CVE-2010-0654 and CVE-2010-2769 in DSA-2075-1
and DSA-2106-1.

For the stable distribution (lenny), these problems have been fixed in
version 1.9.0.19-6.

For the unstable distribution (sid) and the upcoming stable
distribution (squeeze), these problems have been fixed in version
3.5.15-1 of the iceweasel package.

We recommend that you upgrade your Xulrunner packages.