Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

DSA-1751-1 xulrunner -- several vulnerabilities

Related Vulnerabilities: CVE-2009-0771   CVE-2009-0772   CVE-2009-0773   CVE-2009-0774   CVE-2009-0775   CVE-2009-0776  

Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications, such as the Iceweasel web browser. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-0771 Martijn Wargers, Jesse Ruderman and Josh Soref discovered crashes in the layout engine, which might allow the execution of arbitrary code. CVE-2009-0772 Jesse Ruderman discovered crashes in the layout engine, which might allow the execution of arbitrary code. CVE-2009-0773 Gary Kwong, and Timothee Groleau discovered crashes in the Javascript engine, which might allow the execution of arbitrary code. CVE-2009-0774 Gary Kwong discovered crashes in the Javascript engine, which might allow the execution of arbitrary code. CVE-2009-0775 It was discovered that incorrect memory management in the DOM element handling may lead to the execution of arbitrary code. CVE-2009-0776 Georgi Guninski discovered a violation of the same-origin policy through RDFXMLDataSource and cross-domain redirects. As indicated in the Etch release notes, security support for the Mozilla products in the oldstable distribution needed to be stopped before the end of the regular Etch security maintenance life cycle. You are strongly encouraged to upgrade to stable or switch to a still supported browser. For the stable distribution (lenny), these problems have been fixed in version 1.9.0.7-0lenny1. For the unstable distribution (sid), these problems have been fixed in version 1.9.0.7-1. We recommend that you upgrade your xulrunner packages.

Source

Debian Security Advisory

DSA-1751-1 xulrunner -- several vulnerabilities

Date Reported:
22 Mar 2009
Affected Packages:
xulrunner
Vulnerable:
Yes
Security database references:
In Mitre's CVE dictionary: CVE-2009-0771, CVE-2009-0772, CVE-2009-0773, CVE-2009-0774, CVE-2009-0775, CVE-2009-0776.
More information:

Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications, such as the Iceweasel web browser. The Common Vulnerabilities and Exposures project identifies the following problems:

  • CVE-2009-0771

    Martijn Wargers, Jesse Ruderman and Josh Soref discovered crashes in the layout engine, which might allow the execution of arbitrary code.

  • CVE-2009-0772

    Jesse Ruderman discovered crashes in the layout engine, which might allow the execution of arbitrary code.

  • CVE-2009-0773

    Gary Kwong, and Timothee Groleau discovered crashes in the Javascript engine, which might allow the execution of arbitrary code.

  • CVE-2009-0774

    Gary Kwong discovered crashes in the Javascript engine, which might allow the execution of arbitrary code.

  • CVE-2009-0775

    It was discovered that incorrect memory management in the DOM element handling may lead to the execution of arbitrary code.

  • CVE-2009-0776

    Georgi Guninski discovered a violation of the same-origin policy through RDFXMLDataSource and cross-domain redirects.

As indicated in the Etch release notes, security support for the Mozilla products in the oldstable distribution needed to be stopped before the end of the regular Etch security maintenance life cycle. You are strongly encouraged to upgrade to stable or switch to a still supported browser.

For the stable distribution (lenny), these problems have been fixed in version 1.9.0.7-0lenny1.

For the unstable distribution (sid), these problems have been fixed in version 1.9.0.7-1.

We recommend that you upgrade your xulrunner packages.

Fixed in:

Debian GNU/Linux 5.0 (lenny)

Source:
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.9.0.7-0lenny1.diff.gz
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.9.0.7-0lenny1.dsc
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.9.0.7.orig.tar.gz
Architecture-independent component:
http://security.debian.org/pool/updates/main/x/xulrunner/libmozillainterfaces-java_1.9.0.7-0lenny1_all.deb
Alpha:
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.7-0lenny1_alpha.deb
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.7-0lenny1_alpha.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.7-0lenny1_alpha.deb
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.7-0lenny1_alpha.deb
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.7-0lenny1_alpha.deb
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.7-0lenny1_alpha.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.7-0lenny1_alpha.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.7-0lenny1_alpha.deb
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.7-0lenny1_alpha.deb
AMD64:
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.7-0lenny1_amd64.deb
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.7-0lenny1_amd64.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.7-0lenny1_amd64.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.7-0lenny1_amd64.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.7-0lenny1_amd64.deb
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.7-0lenny1_amd64.deb
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.7-0lenny1_amd64.deb
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.7-0lenny1_amd64.deb
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.7-0lenny1_amd64.deb
ARM:
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.7-0lenny1_arm.deb
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.7-0lenny1_arm.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.7-0lenny1_arm.deb
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.7-0lenny1_arm.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.7-0lenny1_arm.deb
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.7-0lenny1_arm.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.7-0lenny1_arm.deb
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.7-0lenny1_arm.deb
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.7-0lenny1_arm.deb
ARM EABI:
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.7-0lenny1_armel.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.7-0lenny1_armel.deb
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.7-0lenny1_armel.deb
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.7-0lenny1_armel.deb
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.7-0lenny1_armel.deb
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.7-0lenny1_armel.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.7-0lenny1_armel.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.7-0lenny1_armel.deb
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.7-0lenny1_armel.deb
HP Precision:
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.7-0lenny1_hppa.deb
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.7-0lenny1_hppa.deb
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.7-0lenny1_hppa.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.7-0lenny1_hppa.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.7-0lenny1_hppa.deb
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.7-0lenny1_hppa.deb
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.7-0lenny1_hppa.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.7-0lenny1_hppa.deb
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.7-0lenny1_hppa.deb
Intel IA-32:
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.7-0lenny1_i386.deb
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.7-0lenny1_i386.deb
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.7-0lenny1_i386.deb
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.7-0lenny1_i386.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.7-0lenny1_i386.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.7-0lenny1_i386.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.7-0lenny1_i386.deb
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.7-0lenny1_i386.deb
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.7-0lenny1_i386.deb
Intel IA-64:
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.7-0lenny1_ia64.deb
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.7-0lenny1_ia64.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.7-0lenny1_ia64.deb
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.7-0lenny1_ia64.deb
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.7-0lenny1_ia64.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.7-0lenny1_ia64.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.7-0lenny1_ia64.deb
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.7-0lenny1_ia64.deb
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.7-0lenny1_ia64.deb
Big-endian MIPS:
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.7-0lenny1_mips.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.7-0lenny1_mips.deb
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.7-0lenny1_mips.deb
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.7-0lenny1_mips.deb
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.7-0lenny1_mips.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.7-0lenny1_mips.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.7-0lenny1_mips.deb
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.7-0lenny1_mips.deb
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.7-0lenny1_mips.deb
Little-endian MIPS:
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.7-0lenny1_mipsel.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.7-0lenny1_mipsel.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.7-0lenny1_mipsel.deb
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.7-0lenny1_mipsel.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.7-0lenny1_mipsel.deb
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.7-0lenny1_mipsel.deb
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.7-0lenny1_mipsel.deb
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.7-0lenny1_mipsel.deb
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.7-0lenny1_mipsel.deb
PowerPC:
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.7-0lenny1_powerpc.deb
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.7-0lenny1_powerpc.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.7-0lenny1_powerpc.deb
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.7-0lenny1_powerpc.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.7-0lenny1_powerpc.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.7-0lenny1_powerpc.deb
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.7-0lenny1_powerpc.deb
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.7-0lenny1_powerpc.deb
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.7-0lenny1_powerpc.deb
IBM S/390:
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.7-0lenny1_s390.deb
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.7-0lenny1_s390.deb
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.7-0lenny1_s390.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.7-0lenny1_s390.deb
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.7-0lenny1_s390.deb
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.7-0lenny1_s390.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.7-0lenny1_s390.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.7-0lenny1_s390.deb
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.7-0lenny1_s390.deb
Sun Sparc:
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.7-0lenny1_sparc.deb
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.7-0lenny1_sparc.deb
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.7-0lenny1_sparc.deb
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.7-0lenny1_sparc.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.7-0lenny1_sparc.deb
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.7-0lenny1_sparc.deb
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.7-0lenny1_sparc.deb
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.7-0lenny1_sparc.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.7-0lenny1_sparc.deb

MD5 checksums of the listed files are available in the original advisory.

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started