Oval Definition:oval:org.mitre.oval:def:13517
Revision Date:2014-06-23Version:20
Title:DSA-2027-1 xulrunner -- several
Description:Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications, such as the Iceweasel web browser. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2010-0174 Jesse Ruderman and Ehsan Akhgari discovered crashes in the layout engine, which might allow the execution of arbitrary code. CVE-2010-0175 It was discovered that incorrect memory handling in the XUL event handler might allow the execution of arbitrary code. CVE-2010-0176 It was discovered that incorrect memory handling in the XUL event handler might allow the execution of arbitrary code. CVE-2010-0177 It was discovered that incorrect memory handling in the plugin code might allow the execution of arbitrary code. CVE-2010-0178 Paul Stone discovered that forced drag-and-drop events could lead to Chrome privilege escalation. CVE-2010-0179 It was discovered that a programming error in the XMLHttpRequestSpy module could lead to the execution of arbitrary code. For the stable distribution, these problems have been fixed in version 1.9.0.19-1. For the unstable distribution, these problems will be fixed soon. We recommend that you upgrade your xulrunner packages.
Family:unixClass:patch
Status:ACCEPTEDReference(s):CVE-2010-0174
CVE-2010-0175
CVE-2010-0176
CVE-2010-0177
CVE-2010-0178
CVE-2010-0179
DSA-2027-1
Platform(s):Debian GNU/Linux 5.0
Product(s):xulrunner
Definition Synopsis
  • Debian GNU/Linux 5.0 is installed
  • AND Architecture section
  • Architecture independet section
  • Installed architecture is all
  • AND libmozillainterfaces-java DPKG is earlier than 1.9.0.19-1
  • OR Architecture depended section
  • Supported architectures section
  • Installed architecture is amd64
  • OR Installed architecture is sparc
  • OR Installed architecture is arm
  • OR Installed architecture is i386
  • OR Installed architecture is armel
  • OR Installed architecture is ia64
  • OR Installed architecture is alpha
  • OR Installed architecture is powerpc
  • OR Installed architecture is hppa
  • AND Packages section
  • libmozjs-dev DPKG is earlier than 1.9.0.19-1
  • OR spidermonkey-bin DPKG is earlier than 1.9.0.19-1
  • OR xulrunner-1.9-gnome-support DPKG is earlier than 1.9.0.19-1
  • OR xulrunner-1.9 DPKG is earlier than 1.9.0.19-1
  • OR libmozjs1d-dbg DPKG is earlier than 1.9.0.19-1
  • OR libmozjs1d DPKG is earlier than 1.9.0.19-1
  • OR python-xpcom DPKG is earlier than 1.9.0.19-1
  • OR xulrunner-1.9-dbg DPKG is earlier than 1.9.0.19-1
  • OR xulrunner-dev DPKG is earlier than 1.9.0.19-1
    • BACK