Lucene search
UbuntuUSN-1011-3HistoryOct 29, 2010 - 12:00 a.m.
Xulrunner vulnerability
2010-10-2900:00:00
ubuntu.com
62
CVSS2
9.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
AI Score
10
Confidence
High
EPSS
0.969
Percentile
99.8%
Releases
- Ubuntu 10.10
- Ubuntu 10.04
- Ubuntu 9.10
- Ubuntu 8.04
Packages
- xulrunner-1.9.1 - XUL + XPCOM application runner
- xulrunner-1.9.2 - XUL + XPCOM application runner
Details
USN-1011-1 fixed a vulnerability in Firefox. This update provides the
corresponding update for Xulrunner.
Original advisory details:
Morten Krakvik discovered a heap-based buffer overflow in Firefox. If a
user were tricked into navigating to a malicious site, an attacker could
cause a denial of service or possibly execute arbitrary code as the user
invoking the program.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Ubuntu | 9.10 | noarch | xulrunner-1.9.1 | <Β 1.9.1.15+build1+nobinonly-0ubuntu0.9.10.1 | UNKNOWN |
| Ubuntu | 9.10 | noarch | xulrunner-1.9.1-dbg | <Β 1.9.1.15+build1+nobinonly-0ubuntu0.9.10.1 | UNKNOWN |
| Ubuntu | 9.10 | noarch | xulrunner-1.9.1-dev | <Β 1.9.1.15+build1+nobinonly-0ubuntu0.9.10.1 | UNKNOWN |
| Ubuntu | 9.10 | noarch | xulrunner-1.9.1-gnome-support | <Β 1.9.1.15+build1+nobinonly-0ubuntu0.9.10.1 | UNKNOWN |
| Ubuntu | 9.10 | noarch | xulrunner-1.9.1-testsuite | <Β 1.9.1.15+build1+nobinonly-0ubuntu0.9.10.1 | UNKNOWN |
| Ubuntu | 9.10 | noarch | xulrunner-1.9.1-testsuite-dev | <Β 1.9.1.15+build1+nobinonly-0ubuntu0.9.10.1 | UNKNOWN |
| Ubuntu | 9.10 | noarch | xulrunner-1.9.2 | <Β 1.9.2.12+build1+nobinonly-0ubuntu0.9.10.1 | UNKNOWN |
| Ubuntu | 9.10 | noarch | xulrunner-1.9.2-dbg | <Β 1.9.2.12+build1+nobinonly-0ubuntu0.9.10.1 | UNKNOWN |
| Ubuntu | 9.10 | noarch | xulrunner-1.9.2-dev | <Β 1.9.2.12+build1+nobinonly-0ubuntu0.9.10.1 | UNKNOWN |
| Ubuntu | 9.10 | noarch | xulrunner-1.9.2-gnome-support | <Β 1.9.2.12+build1+nobinonly-0ubuntu0.9.10.1 | UNKNOWN |
References
Related
openvas
openvas
RedHat Update for seamonkey RHSA-2010:0810-01
2010-11-04 00:00:00
Mozilla Firefox Unspecified Vulnerability Oct-10 (Windows)
2010-11-02 00:00:00
FreeBSD Ports: firefox
2010-11-17 00:00:00
nessus
nessus
Slackware 12.2 / 13.0 / 13.1 / current : seamonkey (SSA:2010-305-01)
2010-11-01 00:00:00
Scientific Linux Security Update : seamonkey on SL3.x, SL4.x i386/x86_64
2012-08-01 00:00:00
exploitdb
exploitdb
freebsd
freebsd
mozilla -- Heap buffer overflow mixing document.write and DOM insertion
2010-10-27 00:00:00
redhat
redhat
(RHSA-2010:0808) Critical: firefox security update
2010-10-27 00:00:00
(RHSA-2010:0810) Critical: seamonkey security update
2010-10-27 00:00:00
(RHSA-2010:0812) Moderate: thunderbird security update
2010-10-28 00:00:00
fedora
fedora
[SECURITY] Fedora 13 Update: mozvoikko-1.0-16.fc13
2010-10-28 22:15:22
[SECURITY] Fedora 13 Update: firefox-3.6.12-1.fc13
2010-10-28 22:15:22
[SECURITY] Fedora 13 Update: galeon-2.0.7-35.fc13
2010-10-28 22:15:22
checkpoint_advisories
checkpoint_advisories
saint
saint
Mozilla Firefox document.write and DOM insertion memory corruption
2010-11-04 00:00:00
Mozilla Firefox document.write and DOM insertion memory corruption
2010-11-04 00:00:00
Mozilla Firefox document.write and DOM insertion memory corruption
2010-11-04 00:00:00
nvd
nvd
CVE-2010-3765
2010-10-28 00:00:05
cve
cve
CVE-2010-3765
2010-10-28 00:00:05
oraclelinux
oraclelinux
xulrunner security update
2010-10-28 00:00:00
firefox security update
2010-10-28 00:00:00
seamonkey security update
2010-10-28 00:00:00
seebug
seebug
Firefox Memory Corruption Proof of Concept (Simplified)
2010-10-29 00:00:00
Mozilla Firefox document.write()ζΉεΌε ζΊ’εΊζΌζ΄
2010-11-01 00:00:00
ubuntu
ubuntu
Firefox vulnerability
2010-10-28 00:00:00
Thunderbird vulnerability
2010-10-28 00:00:00
ubuntucve
ubuntucve
CVE-2010-3765
2010-10-27 00:00:00
securityvulns
securityvulns
Mozilla Firefox / Thunderbird / Seamonkey buffer overflow
2010-11-01 00:00:00
Mozilla Foundation Security Advisory 2010-73
2010-11-01 00:00:00
packetstorm
packetstorm
Firefox Interleaving Denial Of Service
2010-10-28 00:00:00
Firefox Memory Corruption
2010-10-29 00:00:00
Mozilla Firefox Interleaving document.write / appendChild Code Execution
2011-02-19 00:00:00
centos
centos
firefox security update
2010-10-28 22:36:12
seamonkey security update
2010-10-28 22:32:32
thunderbird security update
2010-11-01 21:24:26
prion
prion
Memory corruption
2010-10-28 00:00:00
zdt
zdt
Firefox Memory Corruption Proof of Concept (Simplified)
2010-10-29 00:00:00
cvelist
cvelist
CVE-2010-3765
2010-10-27 22:00:00
veracode
veracode
Arbitrary Code Execution
2020-04-10 00:47:44
mozilla
mozilla
Heap buffer overflow mixing document.write and DOM insertion β Mozilla
2010-10-27 00:00:00
canvas
canvas
Immunity Canvas: FIREFOX_APPENDCHILD
2010-10-28 00:00:00
exploitpack
exploitpack
Mozilla Firefox - Simplified Memory Corruption (PoC)
2010-10-28 00:00:00
osv
osv
xulrunner - several vulnerabilities
2010-11-01 00:00:00
debian
debian
[SECURITY] [DSA 2124-1] New Xulrunner packages fix several vulnerabilities
2010-11-01 20:38:35
suse
suse
remote code execution in MozillaFirefox,seamonkey,MozillaThunderbird
2010-11-08 11:27:17
Firefox update to 31.1esr (important)
2014-09-09 18:04:16
gentoo
gentoo
Mozilla Products: Multiple vulnerabilities
2013-01-08 00:00:00
CVSS2
9.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
AI Score
10
Confidence
High
EPSS
0.969
Percentile
99.8%
Related for USN-1011-3