Xulrunner: New packages fix several vulnerabilities

Users of Xulrunner please be advised of a New Xulrunner packages fix several vulnerabilities that has been identified.
To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)

DSA 2124-1: [DSA 2124-1] New Xulrunner packages fix several vulnerabilities
Several vulnerabilities have been discovered in Xulrunner, the

component that provides the core functionality of Iceweasel, Debian’s

variant of Mozilla’s browser technology.
CVE-2010-3765

Xulrunner allows remote attackers to execute arbitrary code

via vectors related to nsCSSFrameConstructor::ContentAppended,

the appendChild method, incorrect index tracking, and the

creation of multiple frames, which triggers memory corruption.
CVE-2010-3174

CVE-2010-3176

Multiple unspecified vulnerabilities in the browser engine in

Xulrunner allow remote attackers to cause a denial of service

(memory corruption and application crash) or possibly execute

arbitrary code via unknown vectors.
Read more at http://www.criticalwatch.com
 

Advertisements