From:
[email protected]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- ------------------------------------------------------------------------ Debian Security Advisory DSA-1615-1
[email protected] http://www.debian.org/security/ Moritz Muehlenhoff
July 23, 2008
http://www.debian.org/security/faq
- ------------------------------------------------------------------------
Package : xulrunner
Vulnerability : several
Problem type : local/remote
Debian-specific: no
CVE ID : CVE-2008-2785 CVE-2008-2798 CVE-2008-2799 CVE-2008-2800 CVE-2008-2801 CVE-2008-2802 CVE-2008-2803 CVE-2008-2805 CVE-2008-2807 CVE-2008-2808 CVE-2008-2809 CVE-2008-2811 CVE-2008-2933
Several remote vulnerabilities have been discovered in Xulrunner, a
runtime environment for XUL applications. The Common Vulnerabilities
and Exposures project identifies the following problems:
CVE-2008-2785
It was discovered that missing boundary checks on a reference
counter for CSS objects can lead to the execution of arbitrary code.
CVE-2008-2798
Devon Hubbard, Jesse Ruderman and Martijn Wargers discovered
crashes in the layout engine, which might allow the execution of
arbitrary code.
CVE-2008-2799
Igor Bukanov, Jesse Ruderman and Gary Kwong discovered crashes in
the Javascript engine, which might allow the execution of arbitrary code.
CVE-2008-2800
"moz_bug_r_a4" discovered several cross-site scripting vulnerabilities.
CVE-2008-2801
Collin Jackson and Adam Barth discovered that Javascript code
could be executed in the context of signed JAR archives.
CVE-2008-2802
"moz_bug_r_a4" discovered that XUL documements can escalate
privileges by accessing the pre-compiled "fastload" file.
CVE-2008-2803
"moz_bug_r_a4" discovered that missing input sanitising in the
mozIJSSubScriptLoader.loadSubScript() function could lead to the
execution of arbitrary code. Iceweasel itself is not affected, but
some addons are.
CVE-2008-2805
Claudio Santambrogio discovered that missing access validation in
DOM parsing allows malicious web sites to force the browser to
upload local files to the server, which could lead to information
disclosure.
CVE-2008-2807
Daniel Glazman discovered that a programming error in the code for
parsing .properties files could lead to memory content being
exposed to addons, which could lead to information disclosure.
CVE-2008-2808
Masahiro Yamada discovered that file URLS in directory listings
were insufficiently escaped.
CVE-2008-2809
John G. Myers, Frank Benkstein and Nils Toedtmann discovered that
alternate names on self-signed certificates were handled
insufficiently, which could lead to spoofings secure connections.
CVE-2008-2811
Greg McManus discovered discovered a crash in the block reflow
code, which might allow the execution of arbitrary code.
CVE-2008-2933
Billy Rios discovered that passing an URL containing a pipe symbol
to Iceweasel can lead to Chrome privilege escalation.
For the stable distribution (etch), these problems have been fixed in
version 1.8.0.15~pre080614d-0etch1.
For the unstable distribution (sid), these problems have been fixed in
version 1.9.0.1-1.
We recommend that you upgrade your xulrunner packages.
Upgrade instructions
- --------------------
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 4.0 alias etch
- -------------------------------
Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
Source archives:
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.15~pre080614d-0etch1.dsc
Size/MD5 checksum: 1984 31304658ad202bb9e5f675c17336cf3f
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.15~pre080614d-0etch1.diff.gz
Size/MD5 checksum: 145874 489cde3dae0240fefe68b2f53053d8c3
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.15~pre080614d.orig.tar.gz
Size/MD5 checksum: 42800584 0a4cf16412f00f337752f57395b32ef2
Architecture independent packages:
http://security.debian.org/pool/updates/main/x/xulrunner/libxul-dev_1.8.0.15~pre080614d-0etch1_all.deb
Size/MD5 checksum: 2844006 fcab4e8948288b783fa4404c5c433720
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.8.0.15~pre080614d-0etch1_all.deb
Size/MD5 checksum: 175680 875d41d8f381cba8311fdcec7673e00a
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-dev_1.8.0.15~pre080614d-0etch1_all.deb
Size/MD5 checksum: 238584 465784dcbe74f3099d9e637458d3910b
http://security.debian.org/pool/updates/main/x/xulrunner/libsmjs-dev_1.8.0.15~pre080614d-0etch1_all.deb
Size/MD5 checksum: 36594 42c02bb83126e0ff1e8276f2dbfb9da1
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-dev_1.8.0.15~pre080614d-0etch1_all.deb
Size/MD5 checksum: 213302 0224ec7e681a40f000157dd255dc6d51
http://security.debian.org/pool/updates/main/x/xulrunner/libxul-common_1.8.0.15~pre080614d-0etch1_all.deb
Size/MD5 checksum: 1086636 f85c0b7ed95d5e8fb00147c56c474e96
http://security.debian.org/pool/updates/main/x/xulrunner/libmozillainterfaces-java_1.8.0.15~pre080614d-0etch1_all.deb
Size/MD5 checksum: 1031908 44a40685e1300d81d41278e326ba89f9
http://security.debian.org/pool/updates/main/x/xulrunner/libsmjs1_1.8.0.15~pre080614d-0etch1_all.deb
Size/MD5 checksum: 36556 5568df5c50c54dd495b02ff96eb06ef8
alpha architecture (DEC Alpha)
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d_1.8.0.15~pre080614d-0etch1_alpha.deb
Size/MD5 checksum: 7337372 372936962590bf40b8a5c79a48ea1547
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d-dbg_1.8.0.15~pre080614d-0etch1_alpha.deb
[continued in next message]
--- SoupGate-Win32 v1.05
* Origin: you cannot sedate... all the things you hate (1:229/2)