Xulrunner: New packages fix several vulnerabilities

Users of Xulrunner please be advised of a New Xulrunner packages fix several vulnerabilities that has been identified.
To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)

DSA 2124-1: [DSA 2124-1] New Xulrunner packages fix several vulnerabilities
Several vulnerabilities have been discovered in Xulrunner, the

component that provides the core functionality of Iceweasel, Debian’s

variant of Mozilla’s browser technology.

Xulrunner allows remote attackers to execute arbitrary code

via vectors related to nsCSSFrameConstructor::ContentAppended,

the appendChild method, incorrect index tracking, and the

creation of multiple frames, which triggers memory corruption.


Multiple unspecified vulnerabilities in the browser engine in

Xulrunner allow remote attackers to cause a denial of service

(memory corruption and application crash) or possibly execute

arbitrary code via unknown vectors.
Read more at http://www.criticalwatch.com