Description: The remote host is missing an update to xulrunner announced via advisory DSA 2027-1.
Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications, such as the Iceweasel web browser. The Common Vulnerabilities and Exposures project identifies the following problems:
CVE-2010-0174
Jesse Ruderman and Ehsan Akhgari discovered crashes in the layout engine, which might allow the execution of arbitrary code.
CVE-2010-0175
It was discovered that incorrect memory handling in the XUL event handler might allow the execution of arbitrary code.
CVE-2010-0176
It was discovered that incorrect memory handling in the XUL event handler might allow the execution of arbitrary code.
CVE-2010-0177
It was discovered that incorrect memory handling in the plugin code might allow the execution of arbitrary code.
CVE-2010-0178
Paul Stone discovered that forced drag-and-drop events could lead to Chrome privilege escalation.
CVE-2010-0179
It was discovered that a programming error in the XMLHttpRequestSpy module could lead to the execution of arbitrary code.
For the stable distribution (lenny), these problems have been fixed in version 1.9.0.19-1.
For the unstable distribution (sid), these problems will be fixed soon.
We recommend that you upgrade your xulrunner packages.
Solution: https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202027-1
CVSS Score: 10.0
CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C