  • [SECURITY] [DSA 2124-1] New Xulrunner packages fix several vulnerabilit

    From Florian Weimer@1:229/2 to All on Mon Nov 1 21:40:02 2010
    From: [email protected]

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    - ------------------------------------------------------------------------
    Debian Security Advisory DSA-2124-1                   [email protected]
    http://www.debian.org/security/                           Florian Weimer
    November 01, 2010                     http://www.debian.org/security/faq
    - ------------------------------------------------------------------------

    Package : xulrunner
    Vulnerability : several
    Problem type : local (remote)
    Debian-specific: no
    CVE Id(s) : CVE-2010-3765 CVE-2010-3174 CVE-2010-3176 CVE-2010-3177 CVE-2010-3178 CVE-2010-3179 CVE-2010-3180 CVE-2010-3183

    Several vulnerabilities have been discovered in Xulrunner, the
    component that provides the core functionality of Iceweasel, Debian's
    variant of Mozilla's browser technology.

    The Common Vulnerabilities and Exposures project identifies the
    following problems:

    CVE-2010-3765
    Xulrunner allows remote attackers to execute arbitrary code
    via vectors related to nsCSSFrameConstructor::ContentAppended,
    the appendChild method, incorrect index tracking, and the
    creation of multiple frames, which triggers memory corruption.

    CVE-2010-3174
    CVE-2010-3176
    Multiple unspecified vulnerabilities in the browser engine in
    Xulrunner allow remote attackers to cause a denial of service
    (memory corruption and application crash) or possibly execute
    arbitrary code via unknown vectors.

    CVE-2010-3177
    Multiple cross-site scripting (XSS) vulnerabilities in the
    Gopher parser in Xulrunner allow remote attackers to inject
    arbitrary web script or HTML via a crafted name of a (1) file
    or (2) directory on a Gopher server.

    CVE-2010-3178
    Xulrunner does not properly handle certain modal calls made by
    javascript: URLs in circumstances related to opening a new
    window and performing cross-domain navigation, which allows
    remote attackers to bypass the Same Origin Policy via a
    crafted HTML document.

    CVE-2010-3179
    Stack-based buffer overflow in the text-rendering
    functionality in Xulrunner allows remote attackers to execute
    arbitrary code or cause a denial of service (memory corruption
    and application crash) via a long argument to the
    document.write method.

    CVE-2010-3180
    Use-after-free vulnerability in the nsBarProp function in
    Xulrunner allows remote attackers to execute arbitrary code by
    accessing the locationbar property of a closed window.

    CVE-2010-3183
    The LookupGetterOrSetter function in Xulrunner does not
    properly support window.__lookupGetter__ function calls that
    lack arguments, which allows remote attackers to execute
    arbitrary code or cause a denial of service (incorrect pointer
    dereference and application crash) via a crafted HTML
    document.

    In addition, this security update includes corrections for regressions
    caused by the fixes for CVE-2010-0654 and CVE-2010-2769 in DSA-2075-1
    and DSA-2106-1.

    For the stable distribution (lenny), these problems have been fixed in
    version 1.9.0.19-6.

    For the unstable distribution (sid) and the upcoming stable
    distribution (squeeze), these problems have been fixed in version
    3.5.15-1 of the iceweasel package.

    We recommend that you upgrade your Xulrunner packages.

    Upgrade instructions
    - --------------------

    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.

    If you are using the apt-get package manager, use the line for
    sources.list as given below:

    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages

    You may use an automated update by adding the resources from the
    footer to the proper configuration.


    Debian GNU/Linux 5.0 alias lenny
    - --------------------------------

    [continued in next message]

    --- SoupGate-Win32 v1.05
    * Origin: you cannot sedate... all the things you hate (1:229/2)