DSA-2106-1 xulrunner -- severalID: oval:org.secpod.oval:def:600161 | Date: (C)2011-01-28 (M)2022-10-10 |
Class: PATCH | Family: unix |
Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications. The Common Vulnerabilities and Exposures project identifies the following problems: - - Implementation errors in XUL processing allow the execution of arbitrary code - - An implementation error in the XPCSafeJSObjectWrapper wrapper allows the bypass of the same origin policy - - An integer overflow in frame handling allows the execution of arbitrary code - - An implementation error in DOM handling allows the execution of arbitrary code - - Incorrect pointer handling in the plugin code allow the execution of arbitrary code - - Incorrect handling of an object tag may lead to the bypass of cross site scripting filters - - Incorrect copy and paste handling could lead to cross site scripting - - Crashes in the layout engine may lead to the execution of arbitrary code For the stable distribution , these problems have been fixed in version 1.9.0.19-4. For the unstable distribution , these problems have been fixed in version 3.5.12-1 of the iceweasel source package . For the experimental distribution, these problems have been fixed in version 3.6.9-1 of the iceweasel source package . We recommend that you upgrade your xulrunner packages.