xulrunner - several vulnerabilities

Several vulnerabilities have been discovered in Xulrunner, the
component that provides the core functionality of Iceweasel, Debian’s
variant of Mozilla’s browser technology.

The Common Vulnerabilities and Exposures project identifies the
following problems:

• CVE-2010-3765
  Xulrunner allows remote attackers to execute arbitrary code
  via vectors related to nsCSSFrameConstructor::ContentAppended,
  the appendChild method, incorrect index tracking, and the
  creation of multiple frames, which triggers memory corruption.
• CVE-2010-3174
  CVE-2010-3176
  Multiple unspecified vulnerabilities in the browser engine in
  Xulrunner allow remote attackers to cause a denial of service
  (memory corruption and application crash) or possibly execute
  arbitrary code via unknown vectors.
• CVE-2010-3177
  Multiple cross-site scripting (XSS) vulnerabilities in the
  Gopher parser in Xulrunner allow remote attackers to inject
  arbitrary web script or HTML via a crafted name of a (1) file
  or (2) directory on a Gopher server.
• CVE-2010-3178
  Xulrunner does not properly handle certain modal calls made by
  javascript: URLs in circumstances related to opening a new
  window and performing cross-domain navigation, which allows
  remote attackers to bypass the Same Origin Policy via a
  crafted HTML document.
• CVE-2010-3179
  Stack-based buffer overflow in the text-rendering
  functionality in Xulrunner allows remote attackers to execute
  arbitrary code or cause a denial of service (memory corruption
  and application crash) via a long argument to the
  document.write method.
• CVE-2010-3180
  Use-after-free vulnerability in the nsBarProp function in
  Xulrunner allows remote attackers to execute arbitrary code by
  accessing the locationbar property of a closed window.
• CVE-2010-3183
  The LookupGetterOrSetter function in Xulrunner does not
  properly support window.__lookupGetter__ function calls that
  lack arguments, which allows remote attackers to execute
  arbitrary code or cause a denial of service (incorrect pointer
  dereference and application crash) via a crafted HTML
  document.

In addition, this security update includes corrections for regressions
caused by the fixes for CVE-2010-0654 and CVE-2010-2769 in DSA-2075-1
and DSA-2106-1.

For the stable distribution (lenny), these problems have been fixed in
version 1.9.0.19-6.

For the unstable distribution (sid) and the upcoming stable
distribution (squeeze), these problems have been fixed in version
3.5.15-1 of the iceweasel package.

We recommend that you upgrade your Xulrunner packages.