Lucene search
GoogleOSV:DSA-1999-1HistoryFeb 18, 2010 - 12:00 a.m.
xulrunner - several vulnerabilities
2010-02-1800:00:00
Google
osv.dev
16
EPSS
0.367
Percentile
97.2%
Several remote vulnerabilities have been discovered in Xulrunner, a
runtime environment for XUL applications, such as the Iceweasel web
browser. The Common Vulnerabilities and Exposures project identifies
the following problems:
- CVE-2009-1571
Alin Rad Pop discovered that incorrect memory handling in the
HTML parser could lead to the execution of arbitrary code. - CVE-2009-3988
Hidetake Jo discovered that the same-origin policy can be
bypassed through window.dialogArguments. - CVE-2010-0159
Henri Sivonen, Boris Zbarsky, Zack Weinberg, Bob Clary, Martijn
Wargers and Paul Nickerson reported crashes in layout engine,
which might allow the execution of arbitrary code. - CVE-2010-0160
Orlando Barrera II discovered that incorrect memory handling in the
implementation of the web worker API could lead to the execution
of arbitrary code. - CVE-2010-0162
Georgi Guninski discovered that the same origin policy can be
bypassed through specially crafted SVG documents.
For the stable distribution (lenny), these problems have been fixed in
version 1.9.0.18-1.
For the unstable distribution (sid), these problems have been fixed in
version 1.9.1.8-1.
We recommend that you upgrade your xulrunner packages.
References
Related
nessus
nessus
Debian DSA-1999-1 : xulrunner - several vulnerabilities
2010-02-24 00:00:00
SuSE 11 Security Update : Mozilla XULRunner (SAT Patch Number 2033)
2010-02-25 00:00:00
SuSE 11 Security Update : Mozilla Firefox (SAT Patch Number 2025)
2010-02-25 00:00:00
fedora
fedora
[SECURITY] Fedora 12 Update: firefox-3.5.8-1.fc12
2010-02-20 00:29:04
[SECURITY] Fedora 11 Update: hulahop-0.4.9-12.fc11
2010-02-20 00:15:26
[SECURITY] Fedora 11 Update: mozvoikko-0.9.7-0.11.rc1.fc11
2010-02-20 00:15:26
openvas
openvas
Fedora Update for ruby-gnome2 FEDORA-2010-1936
2010-03-02 00:00:00
Fedora Update for blam FEDORA-2010-1727
2010-03-02 00:00:00
Debian Security Advisory DSA 1999-1 (xulrunner)
2010-02-25 00:00:00
ubuntu
ubuntu
Firefox 3.5 and Xulrunner 1.9.1 vulnerabilities
2010-02-17 00:00:00
Firefox 3.0 and Xulrunner 1.9 vulnerabilities
2010-02-17 00:00:00
debian
debian
[Backports-security-announce] Security Update for xulrunner
2010-03-09 15:11:52
[SECURITY] [DSA 1999-1] New xulrunner packages fix several vulnerabilities
2010-02-18 20:04:53
[Backports-security-announce] Security Update for xulrunner
2010-03-09 15:02:49
securityvulns
securityvulns
Mozilla Firefox / Thunderbird / SeaMonkey multiple security vulnerabilities
2010-02-25 00:00:00
Mozilla Foundation Security Advisory 2010-04
2010-02-19 00:00:00
freebsd
freebsd
mozilla -- multiple vulnerabilities
2010-02-17 00:00:00
suse
suse
remote code execution in MozillaFirefox,seamonkey
2010-03-04 16:53:48
redhat
redhat
(RHSA-2010:0112) Critical: firefox security update
2010-02-17 00:00:00
(RHSA-2010:0113) Critical: seamonkey security update
2010-02-17 00:00:00
oraclelinux
oraclelinux
firefox security update
2010-02-17 00:00:00
seamonkey security update
2010-02-17 00:00:00
centos
centos
firefox, xulrunner security update
2010-02-18 00:33:18
seamonkey security update
2010-02-18 00:29:51
veracode
veracode
Authorization Bypass
2020-04-10 00:43:58
Authorization Bypass
2020-04-10 00:44:01
prion
prion
Cross site scripting
2010-02-22 13:00:00
Cross site scripting
2010-02-22 13:00:00
cvelist
cvelist
CVE-2009-3988
2010-02-21 17:00:00
CVE-2010-0162
2010-02-21 17:00:00
zdi
zdi
Mozilla Firefox showModalDialog Cross-Domain Scripting Vulnerability
2010-02-19 00:00:00
ubuntucve
ubuntucve
CVE-2009-3988
2010-02-17 00:00:00
cve
cve
CVE-2009-3988
2010-02-22 13:00:01
CVE-2010-0162
2010-02-22 13:00:02
seebug
seebug
Firefox showModalDialog()ćšćłčˇ¨ĺčćŹć§čĄćźć´
2010-02-20 00:00:00
nvd
nvd
CVE-2009-3988
2010-02-22 13:00:01
CVE-2010-0162
2010-02-22 13:00:02
mozilla
mozilla
XSS hazard using SVG document and binary Content-Type â Mozilla
2010-02-17 00:00:00
XSS due to window.dialogArguments being readable cross-domain â Mozilla
2010-02-17 00:00:00