Debian: DSA-1306-1 Critical: Xulrunner Execution and DoS Risks Fix
debian
June 12, 2007
Several remote vulnerabilities have been discovered in Xulrunner, a
runtime environment for XUL applications
Summary
Nicolas Derouet discovered that Xulrunner performs insufficient
validation of cookies, which could lead to denial of service.
CVE-2007-2867
Boris Zbarsky, Eli Friedman, Georgi Guninski, Jesse Ruderman, Martijn
Wargers and Olli Pettay discovered crashes in the layout engine, which
might allow the execution of arbitrary code.
CVE-2007-2868
Brendan Eich, Igor Bukanov, Jesse Ruderman, moz_bug_r_a4 and Wladimir
Palant discovered crashes in the Javascript engine, which might allow
the execution of arbitrary code.
CVE-2007-2869
"Marcel" discovered that malicous web sites can cause massive
ressource comsumption through the auto completion feature, resulting
in denial of service.
CVE-2007-2870
"moz_bug_r_a4" discovered that adding an event listener through the
addEventListener() function allows cross-site scripting.
CVE-2007-2871
Chris Thomas discovered that XUL popups can can be abused for spoofing
or phishing att...
PREVIOUS
NEXT
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!