Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

DSA-1669-1 xulrunner -- several vulnerabilities

Related Vulnerabilities: CVE-2008-0016   CVE-2008-3835   CVE-2008-3836   CVE-2008-3837   CVE-2008-4058   CVE-2008-4059   CVE-2008-4060   CVE-2008-4061   CVE-2008-4062   CVE-2008-4065   CVE-2008-4066   CVE-2008-4067   CVE-2008-4068   CVE-2008-4069   CVE-2008-4582   CVE-2008-5012   CVE-2008-5013   CVE-2008-5014   CVE-2008-5017   CVE-2008-5018   CVE-2008-0017   CVE-2008-5021   CVE-2008-5022   CVE-2008-5023   CVE-2008-5024  

Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2008-0016 Justin Schuh, Tom Cross and Peter Williams discovered a buffer overflow in the parser for UTF-8 URLs, which may lead to the execution of arbitrary code. CVE-2008-3835 "moz_bug_r_a4" discovered that the same-origin check in nsXMLDocument::OnChannelRedirect() could by bypassed. CVE-2008-3836 "moz_bug_r_a4" discovered that several vulnerabilities in feedWriter could lead to Chrome privilege escalation. CVE-2008-3837 Paul Nickerson discovered that an attacker could move windows during a mouse click, resulting in unwanted action triggered by drag-and-drop. CVE-2008-4058 "moz_bug_r_a4" discovered a vulnerability which can result in Chrome privilege escalation through XPCNativeWrappers. CVE-2008-4059 "moz_bug_r_a4" discovered a vulnerability which can result in Chrome privilege escalation through XPCNativeWrappers. CVE-2008-4060 Olli Pettay and "moz_bug_r_a4" discovered a Chrome privilege escalation vulnerability in XSLT handling. CVE-2008-4061 Jesse Ruderman discovered a crash in the layout engine, which might allow the execution of arbitrary code. CVE-2008-4062 Igor Bukanov, Philip Taylor, Georgi Guninski and Antoine Labour discovered crashes in the Javascript engine, which might allow the execution of arbitrary code. CVE-2008-4065 Dave Reed discovered that some Unicode byte order marks are stripped from Javascript code before execution, which can result in code being executed, which were otherwise part of a quoted string. CVE-2008-4066 Gareth Heyes discovered that some Unicode surrogate characters are ignored by the HTML parser. CVE-2008-4067 Boris Zbarsky discovered that resource: URls allow directory traversal when using URL-encoded slashes. CVE-2008-4068 Georgi Guninski discovered that resource: URLs could bypass local access restrictions. CVE-2008-4069 Billy Hoffman discovered that the XBM decoder could reveal uninitialised memory. CVE-2008-4582 Liu Die Yu discovered an information leak through local shortcut files. CVE-2008-5012 Georgi Guninski, Michal Zalewski and Chris Evan discovered that the canvas element could be used to bypass same-origin restrictions. CVE-2008-5013 It was discovered that insufficient checks in the Flash plugin glue code could lead to arbitrary code execution. CVE-2008-5014 Jesse Ruderman discovered that a programming error in the window.__proto__.__proto__ object could lead to arbitrary code execution. CVE-2008-5017 It was discovered that crashes in the layout engine could lead to arbitrary code execution. CVE-2008-5018 It was discovered that crashes in the Javascript engine could lead to arbitrary code execution. CVE-2008-0017 Justin Schuh discovered that a buffer overflow in http-index-format parser could lead to arbitrary code execution. CVE-2008-5021 It was discovered that a crash in the nsFrameManager might lead to the execution of arbitrary code. CVE-2008-5022 "moz_bug_r_a4" discovered that the same-origin check in nsXMLHttpRequest::NotifyEventListeners() could be bypassed. CVE-2008-5023 Collin Jackson discovered that the -moz-binding property bypasses security checks on codebase principals. CVE-2008-5024 Chris Evans discovered that quote characters were improperly escaped in the default namespace of E4X documents. For the stable distribution (etch), these problems have been fixed in version 1.8.0.15~pre080614h-0etch1. Packages for mips will be provided later. For the upcoming stable distribution (lenny) and the unstable distribution (sid), these problems have been fixed in version 1.9.0.4-1. We recommend that you upgrade your xulrunner packages.

Source

Debian Security Advisory

DSA-1669-1 xulrunner -- several vulnerabilities

Date Reported:
23 Nov 2008
Affected Packages:
xulrunner
Vulnerable:
Yes
Security database references:
In Mitre's CVE dictionary: CVE-2008-0016, CVE-2008-3835, CVE-2008-3836, CVE-2008-3837, CVE-2008-4058, CVE-2008-4059, CVE-2008-4060, CVE-2008-4061, CVE-2008-4062, CVE-2008-4065, CVE-2008-4066, CVE-2008-4067, CVE-2008-4068, CVE-2008-4069, CVE-2008-4582, CVE-2008-5012, CVE-2008-5013, CVE-2008-5014, CVE-2008-5017, CVE-2008-5018, CVE-2008-0017, CVE-2008-5021, CVE-2008-5022, CVE-2008-5023, CVE-2008-5024.
More information:

Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications. The Common Vulnerabilities and Exposures project identifies the following problems:

  • CVE-2008-0016

    Justin Schuh, Tom Cross and Peter Williams discovered a buffer overflow in the parser for UTF-8 URLs, which may lead to the execution of arbitrary code.

  • CVE-2008-3835

    "moz_bug_r_a4" discovered that the same-origin check in nsXMLDocument::OnChannelRedirect() could by bypassed.

  • CVE-2008-3836

    "moz_bug_r_a4" discovered that several vulnerabilities in feedWriter could lead to Chrome privilege escalation.

  • CVE-2008-3837

    Paul Nickerson discovered that an attacker could move windows during a mouse click, resulting in unwanted action triggered by drag-and-drop.

  • CVE-2008-4058

    "moz_bug_r_a4" discovered a vulnerability which can result in Chrome privilege escalation through XPCNativeWrappers.

  • CVE-2008-4059

    "moz_bug_r_a4" discovered a vulnerability which can result in Chrome privilege escalation through XPCNativeWrappers.

  • CVE-2008-4060

    Olli Pettay and "moz_bug_r_a4" discovered a Chrome privilege escalation vulnerability in XSLT handling.

  • CVE-2008-4061

    Jesse Ruderman discovered a crash in the layout engine, which might allow the execution of arbitrary code.

  • CVE-2008-4062

    Igor Bukanov, Philip Taylor, Georgi Guninski and Antoine Labour discovered crashes in the Javascript engine, which might allow the execution of arbitrary code.

  • CVE-2008-4065

    Dave Reed discovered that some Unicode byte order marks are stripped from Javascript code before execution, which can result in code being executed, which were otherwise part of a quoted string.

  • CVE-2008-4066

    Gareth Heyes discovered that some Unicode surrogate characters are ignored by the HTML parser.

  • CVE-2008-4067

    Boris Zbarsky discovered that resource: URls allow directory traversal when using URL-encoded slashes.

  • CVE-2008-4068

    Georgi Guninski discovered that resource: URLs could bypass local access restrictions.

  • CVE-2008-4069

    Billy Hoffman discovered that the XBM decoder could reveal uninitialised memory.

  • CVE-2008-4582

    Liu Die Yu discovered an information leak through local shortcut files.

  • CVE-2008-5012

    Georgi Guninski, Michal Zalewski and Chris Evan discovered that the canvas element could be used to bypass same-origin restrictions.

  • CVE-2008-5013

    It was discovered that insufficient checks in the Flash plugin glue code could lead to arbitrary code execution.

  • CVE-2008-5014

    Jesse Ruderman discovered that a programming error in the window.__proto__.__proto__ object could lead to arbitrary code execution.

  • CVE-2008-5017

    It was discovered that crashes in the layout engine could lead to arbitrary code execution.

  • CVE-2008-5018

    It was discovered that crashes in the Javascript engine could lead to arbitrary code execution.

  • CVE-2008-0017

    Justin Schuh discovered that a buffer overflow in http-index-format parser could lead to arbitrary code execution.

  • CVE-2008-5021

    It was discovered that a crash in the nsFrameManager might lead to the execution of arbitrary code.

  • CVE-2008-5022

    "moz_bug_r_a4" discovered that the same-origin check in nsXMLHttpRequest::NotifyEventListeners() could be bypassed.

  • CVE-2008-5023

    Collin Jackson discovered that the -moz-binding property bypasses security checks on codebase principals.

  • CVE-2008-5024

    Chris Evans discovered that quote characters were improperly escaped in the default namespace of E4X documents.

For the stable distribution (etch), these problems have been fixed in version 1.8.0.15~pre080614h-0etch4. Packages for mips will be provided later.

For the upcoming stable distribution (lenny) and the unstable distribution (sid), these problems have been fixed in version 1.9.0.4-1.

We recommend that you upgrade your xulrunner packages.

Fixed in:

Debian GNU/Linux 4.0 (etch)

Source:
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.15~pre080614h.orig.tar.gz
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.15~pre080614h-0etch4.diff.gz
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.15~pre080614h-0etch4.dsc
Architecture-independent component:
http://security.debian.org/pool/updates/main/x/xulrunner/libsmjs-dev_1.8.0.15~pre080614h-0etch4_all.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-dev_1.8.0.15~pre080614h-0etch4_all.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.8.0.15~pre080614h-0etch4_all.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libsmjs1_1.8.0.15~pre080614h-0etch4_all.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libxul-dev_1.8.0.15~pre080614h-0etch4_all.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libxul-common_1.8.0.15~pre080614h-0etch4_all.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libmozillainterfaces-java_1.8.0.15~pre080614h-0etch4_all.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-dev_1.8.0.15~pre080614h-0etch4_all.deb
Alpha:
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.15~pre080614h-0etch4_alpha.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d_1.8.0.15~pre080614h-0etch4_alpha.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d_1.8.0.15~pre080614h-0etch4_alpha.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d-dbg_1.8.0.15~pre080614h-0etch4_alpha.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-tools_1.8.0.15~pre080614h-0etch4_alpha.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d-dbg_1.8.0.15~pre080614h-0etch4_alpha.deb
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.8.0.15~pre080614h-0etch4_alpha.deb
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-gnome-support_1.8.0.15~pre080614h-0etch4_alpha.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d-dbg_1.8.0.15~pre080614h-0etch4_alpha.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d_1.8.0.15~pre080614h-0etch4_alpha.deb
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.8.0.15~pre080614h-0etch4_alpha.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d_1.8.0.15~pre080614h-0etch4_alpha.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d-dbg_1.8.0.15~pre080614h-0etch4_alpha.deb
AMD64:
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d-dbg_1.8.0.15~pre080614h-0etch4_amd64.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d_1.8.0.15~pre080614h-0etch4_amd64.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d_1.8.0.15~pre080614h-0etch4_amd64.deb
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.8.0.15~pre080614h-0etch4_amd64.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d_1.8.0.15~pre080614h-0etch4_amd64.deb
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-gnome-support_1.8.0.15~pre080614h-0etch4_amd64.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d-dbg_1.8.0.15~pre080614h-0etch4_amd64.deb
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.15~pre080614h-0etch4_amd64.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d_1.8.0.15~pre080614h-0etch4_amd64.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-tools_1.8.0.15~pre080614h-0etch4_amd64.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d-dbg_1.8.0.15~pre080614h-0etch4_amd64.deb
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.8.0.15~pre080614h-0etch4_amd64.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d-dbg_1.8.0.15~pre080614h-0etch4_amd64.deb
ARM:
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.8.0.15~pre080614h-0etch4_arm.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d_1.8.0.15~pre080614h-0etch4_arm.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d-dbg_1.8.0.15~pre080614h-0etch4_arm.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d_1.8.0.15~pre080614h-0etch4_arm.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d-dbg_1.8.0.15~pre080614h-0etch4_arm.deb
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-gnome-support_1.8.0.15~pre080614h-0etch4_arm.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-tools_1.8.0.15~pre080614h-0etch4_arm.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d-dbg_1.8.0.15~pre080614h-0etch4_arm.deb
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.8.0.15~pre080614h-0etch4_arm.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d_1.8.0.15~pre080614h-0etch4_arm.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d_1.8.0.15~pre080614h-0etch4_arm.deb
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.15~pre080614h-0etch4_arm.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d-dbg_1.8.0.15~pre080614h-0etch4_arm.deb
HP Precision:
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d-dbg_1.8.0.15~pre080614h-0etch4_hppa.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-tools_1.8.0.15~pre080614h-0etch4_hppa.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d-dbg_1.8.0.15~pre080614h-0etch4_hppa.deb
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.8.0.15~pre080614h-0etch4_hppa.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d_1.8.0.15~pre080614h-0etch4_hppa.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d_1.8.0.15~pre080614h-0etch4_hppa.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d_1.8.0.15~pre080614h-0etch4_hppa.deb
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.8.0.15~pre080614h-0etch4_hppa.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d-dbg_1.8.0.15~pre080614h-0etch4_hppa.deb
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.15~pre080614h-0etch4_hppa.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d-dbg_1.8.0.15~pre080614h-0etch4_hppa.deb
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-gnome-support_1.8.0.15~pre080614h-0etch4_hppa.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d_1.8.0.15~pre080614h-0etch4_hppa.deb
Intel IA-32:
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d_1.8.0.15~pre080614h-0etch4_i386.deb
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-gnome-support_1.8.0.15~pre080614h-0etch4_i386.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d-dbg_1.8.0.15~pre080614h-0etch4_i386.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d-dbg_1.8.0.15~pre080614h-0etch4_i386.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d-dbg_1.8.0.15~pre080614h-0etch4_i386.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d_1.8.0.15~pre080614h-0etch4_i386.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d-dbg_1.8.0.15~pre080614h-0etch4_i386.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d_1.8.0.15~pre080614h-0etch4_i386.deb
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.8.0.15~pre080614h-0etch4_i386.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d_1.8.0.15~pre080614h-0etch4_i386.deb
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.8.0.15~pre080614h-0etch4_i386.deb
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.15~pre080614h-0etch4_i386.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-tools_1.8.0.15~pre080614h-0etch4_i386.deb
Intel IA-64:
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.8.0.15~pre080614h-0etch4_ia64.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d-dbg_1.8.0.15~pre080614h-0etch4_ia64.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d_1.8.0.15~pre080614h-0etch4_ia64.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d-dbg_1.8.0.15~pre080614h-0etch4_ia64.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d-dbg_1.8.0.15~pre080614h-0etch4_ia64.deb
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.15~pre080614h-0etch4_ia64.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d-dbg_1.8.0.15~pre080614h-0etch4_ia64.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d_1.8.0.15~pre080614h-0etch4_ia64.deb
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-gnome-support_1.8.0.15~pre080614h-0etch4_ia64.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d_1.8.0.15~pre080614h-0etch4_ia64.deb
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.8.0.15~pre080614h-0etch4_ia64.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d_1.8.0.15~pre080614h-0etch4_ia64.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-tools_1.8.0.15~pre080614h-0etch4_ia64.deb
Little-endian MIPS:
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.15~pre080614h-0etch4_mipsel.deb
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-gnome-support_1.8.0.15~pre080614h-0etch4_mipsel.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d_1.8.0.15~pre080614h-0etch4_mipsel.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d_1.8.0.15~pre080614h-0etch4_mipsel.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d-dbg_1.8.0.15~pre080614h-0etch4_mipsel.deb
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.8.0.15~pre080614h-0etch4_mipsel.deb
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.8.0.15~pre080614h-0etch4_mipsel.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d_1.8.0.15~pre080614h-0etch4_mipsel.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-tools_1.8.0.15~pre080614h-0etch4_mipsel.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d-dbg_1.8.0.15~pre080614h-0etch4_mipsel.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d-dbg_1.8.0.15~pre080614h-0etch4_mipsel.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d-dbg_1.8.0.15~pre080614h-0etch4_mipsel.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d_1.8.0.15~pre080614h-0etch4_mipsel.deb
PowerPC:
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.8.0.15~pre080614h-0etch4_powerpc.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d_1.8.0.15~pre080614h-0etch4_powerpc.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d-dbg_1.8.0.15~pre080614h-0etch4_powerpc.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d-dbg_1.8.0.15~pre080614h-0etch4_powerpc.deb
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.8.0.15~pre080614h-0etch4_powerpc.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d_1.8.0.15~pre080614h-0etch4_powerpc.deb
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.15~pre080614h-0etch4_powerpc.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d_1.8.0.15~pre080614h-0etch4_powerpc.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d-dbg_1.8.0.15~pre080614h-0etch4_powerpc.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-tools_1.8.0.15~pre080614h-0etch4_powerpc.deb
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-gnome-support_1.8.0.15~pre080614h-0etch4_powerpc.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d_1.8.0.15~pre080614h-0etch4_powerpc.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d-dbg_1.8.0.15~pre080614h-0etch4_powerpc.deb
IBM S/390:
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d_1.8.0.15~pre080614h-0etch4_s390.deb
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.15~pre080614h-0etch4_s390.deb
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.8.0.15~pre080614h-0etch4_s390.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d_1.8.0.15~pre080614h-0etch4_s390.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-tools_1.8.0.15~pre080614h-0etch4_s390.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d-dbg_1.8.0.15~pre080614h-0etch4_s390.deb
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.8.0.15~pre080614h-0etch4_s390.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d-dbg_1.8.0.15~pre080614h-0etch4_s390.deb
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-gnome-support_1.8.0.15~pre080614h-0etch4_s390.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d-dbg_1.8.0.15~pre080614h-0etch4_s390.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d_1.8.0.15~pre080614h-0etch4_s390.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d_1.8.0.15~pre080614h-0etch4_s390.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d-dbg_1.8.0.15~pre080614h-0etch4_s390.deb
Sun Sparc:
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d_1.8.0.15~pre080614h-0etch4_sparc.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d-dbg_1.8.0.15~pre080614h-0etch4_sparc.deb
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-gnome-support_1.8.0.15~pre080614h-0etch4_sparc.deb
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.8.0.15~pre080614h-0etch4_sparc.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-tools_1.8.0.15~pre080614h-0etch4_sparc.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d-dbg_1.8.0.15~pre080614h-0etch4_sparc.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d_1.8.0.15~pre080614h-0etch4_sparc.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d_1.8.0.15~pre080614h-0etch4_sparc.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d-dbg_1.8.0.15~pre080614h-0etch4_sparc.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d_1.8.0.15~pre080614h-0etch4_sparc.deb
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.8.0.15~pre080614h-0etch4_sparc.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d-dbg_1.8.0.15~pre080614h-0etch4_sparc.deb
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.15~pre080614h-0etch4_sparc.deb

MD5 checksums of the listed files are available in the original advisory.

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started