Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2007-3844 moz_bug_r_a4 discovered that a regression in the handling of about:blank windows used by addons may lead to an attacker being able to modify the content of web sites. CVE-2007-3845 Jesper Johansson discovered that missing sanitising of double-quotes and spaces in URIs passed to external programs may allow an attacker to pass arbitrary arguments to the helper program if the user is tricked into opening a malformed web page. The oldstable distribution (sarge) doesn't include xulrunner. For the stable distribution (etch) these problems have been fixed in version 1.8.0.13~pre070720-0etch3. For the unstable distribution (sid) these problems have been fixed in version 1.8.1.6-1. We recommend that you upgrade your xulrunner packages.
Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications. The Common Vulnerabilities and Exposures project identifies the following problems:
moz_bug_r_a4
discovered that a regression in the handling of
about:blank
windows used by addons may lead to an attacker being
able to modify the content of web sites.
Jesper Johansson discovered that missing sanitising of double-quotes and spaces in URIs passed to external programs may allow an attacker to pass arbitrary arguments to the helper program if the user is tricked into opening a malformed web page.
The oldstable distribution (sarge) doesn't include xulrunner.
For the stable distribution (etch) these problems have been fixed in version 1.8.0.13~pre070720-0etch4.
For the unstable distribution (sid) these problems have been fixed in version 1.8.1.6-1.
We recommend that you upgrade your xulrunner packages.
MD5 checksums of the listed files are available in the original advisory.