Debians sikkerhedsbulletin

DSA-1345-1 xulrunner -- flere sårbarheder

Rapporteret den:
4. aug 2007
Berørte pakker:
xulrunner
Sårbar:
Ja
Referencer i sikkerhedsdatabaser:
I Mitres CVE-ordbog: CVE-2007-3844, CVE-2007-3845.
Yderligere oplysninger:

Flere fjernudnytbare sårbarheder er opdaget i Xulrunner, et runtime-miljø til XUL-programmer. Projektet Common Vulnerabilities and Exposures har fundet frem til følgende problemer:

  • CVE-2007-3844

    moz_bug_r_a4 opdagede at en regression i håndteringen af about:blank-vinduer anvendt af tilføjelsesprogrammer, kunne føre til at en angriber kunne ændre websteders indhold.

  • CVE-2007-3845

    Jesper Johansson opdagede at manglende fornuftighedskontrol af dobbelte anførselstegn og mellemrum i URI'er overført til eksterne programmer, kunne gøre det muligt for en angriber at overføre vilkårlige parametre til hjælpeprogrammet, hvis brugeren blev narret til at åbne en misdannet webside.

Den gamle stabile distribution (sarge) indeholder ikke xulrunner.

I den stabile distribution (etch) er disse problemer rettet i version 1.8.0.13~pre070720-0etch3.

I den ustabile distribution (sid) er disse problemer rettet i version 1.8.1.6-1.

Vi anbefaler at du opgraderer dine xulrunner-pakker.

Rettet i:

Debian GNU/Linux 4.0 (etch)

Kildekode:
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.13~pre070720-0etch3.dsc
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.13~pre070720-0etch3.diff.gz
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.13~pre070720.orig.tar.gz
Arkitekturuafhængig komponent:
http://security.debian.org/pool/updates/main/x/xulrunner/libmozillainterfaces-java_1.8.0.13~pre070720-0etch3_all.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.8.0.13~pre070720-0etch3_all.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-dev_1.8.0.13~pre070720-0etch3_all.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-dev_1.8.0.13~pre070720-0etch3_all.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libsmjs-dev_1.8.0.13~pre070720-0etch3_all.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libsmjs1_1.8.0.13~pre070720-0etch3_all.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libxul-common_1.8.0.13~pre070720-0etch3_all.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libxul-dev_1.8.0.13~pre070720-0etch3_all.deb
Alpha:
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d_1.8.0.13~pre070720-0etch3_alpha.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d-dbg_1.8.0.13~pre070720-0etch3_alpha.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d_1.8.0.13~pre070720-0etch3_alpha.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d-dbg_1.8.0.13~pre070720-0etch3_alpha.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d_1.8.0.13~pre070720-0etch3_alpha.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d-dbg_1.8.0.13~pre070720-0etch3_alpha.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-tools_1.8.0.13~pre070720-0etch3_alpha.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d_1.8.0.13~pre070720-0etch3_alpha.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d-dbg_1.8.0.13~pre070720-0etch3_alpha.deb
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.8.0.13~pre070720-0etch3_alpha.deb
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.8.0.13~pre070720-0etch3_alpha.deb
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.13~pre070720-0etch3_alpha.deb
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-gnome-support_1.8.0.13~pre070720-0etch3_alpha.deb
AMD64:
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d_1.8.0.13~pre070720-0etch3_amd64.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d-dbg_1.8.0.13~pre070720-0etch3_amd64.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d_1.8.0.13~pre070720-0etch3_amd64.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d-dbg_1.8.0.13~pre070720-0etch3_amd64.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d_1.8.0.13~pre070720-0etch3_amd64.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d-dbg_1.8.0.13~pre070720-0etch3_amd64.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-tools_1.8.0.13~pre070720-0etch3_amd64.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d_1.8.0.13~pre070720-0etch3_amd64.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d-dbg_1.8.0.13~pre070720-0etch3_amd64.deb
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.8.0.13~pre070720-0etch3_amd64.deb
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.8.0.13~pre070720-0etch3_amd64.deb
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.13~pre070720-0etch3_amd64.deb
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-gnome-support_1.8.0.13~pre070720-0etch3_amd64.deb
ARM:
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d_1.8.0.13~pre070720-0etch3_arm.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d-dbg_1.8.0.13~pre070720-0etch3_arm.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d_1.8.0.13~pre070720-0etch3_arm.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d-dbg_1.8.0.13~pre070720-0etch3_arm.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d_1.8.0.13~pre070720-0etch3_arm.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d-dbg_1.8.0.13~pre070720-0etch3_arm.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-tools_1.8.0.13~pre070720-0etch3_arm.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d_1.8.0.13~pre070720-0etch3_arm.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d-dbg_1.8.0.13~pre070720-0etch3_arm.deb
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.8.0.13~pre070720-0etch3_arm.deb
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.8.0.13~pre070720-0etch3_arm.deb
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.13~pre070720-0etch3_arm.deb
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-gnome-support_1.8.0.13~pre070720-0etch3_arm.deb
HPPA:
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d_1.8.0.13~pre070720-0etch3_hppa.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d-dbg_1.8.0.13~pre070720-0etch3_hppa.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d_1.8.0.13~pre070720-0etch3_hppa.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d-dbg_1.8.0.13~pre070720-0etch3_hppa.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d_1.8.0.13~pre070720-0etch3_hppa.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d-dbg_1.8.0.13~pre070720-0etch3_hppa.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-tools_1.8.0.13~pre070720-0etch3_hppa.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d_1.8.0.13~pre070720-0etch3_hppa.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d-dbg_1.8.0.13~pre070720-0etch3_hppa.deb
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.8.0.13~pre070720-0etch3_hppa.deb
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.8.0.13~pre070720-0etch3_hppa.deb
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.13~pre070720-0etch3_hppa.deb
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-gnome-support_1.8.0.13~pre070720-0etch3_hppa.deb
Intel IA-32:
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d_1.8.0.13~pre070720-0etch3_i386.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d-dbg_1.8.0.13~pre070720-0etch3_i386.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d_1.8.0.13~pre070720-0etch3_i386.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d-dbg_1.8.0.13~pre070720-0etch3_i386.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d_1.8.0.13~pre070720-0etch3_i386.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d-dbg_1.8.0.13~pre070720-0etch3_i386.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-tools_1.8.0.13~pre070720-0etch3_i386.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d_1.8.0.13~pre070720-0etch3_i386.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d-dbg_1.8.0.13~pre070720-0etch3_i386.deb
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.8.0.13~pre070720-0etch3_i386.deb
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.8.0.13~pre070720-0etch3_i386.deb
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.13~pre070720-0etch3_i386.deb
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-gnome-support_1.8.0.13~pre070720-0etch3_i386.deb
Intel IA-64:
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d_1.8.0.13~pre070720-0etch3_ia64.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d-dbg_1.8.0.13~pre070720-0etch3_ia64.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d_1.8.0.13~pre070720-0etch3_ia64.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d-dbg_1.8.0.13~pre070720-0etch3_ia64.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d_1.8.0.13~pre070720-0etch3_ia64.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d-dbg_1.8.0.13~pre070720-0etch3_ia64.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-tools_1.8.0.13~pre070720-0etch3_ia64.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d_1.8.0.13~pre070720-0etch3_ia64.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d-dbg_1.8.0.13~pre070720-0etch3_ia64.deb
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.8.0.13~pre070720-0etch3_ia64.deb
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.8.0.13~pre070720-0etch3_ia64.deb
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.13~pre070720-0etch3_ia64.deb
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-gnome-support_1.8.0.13~pre070720-0etch3_ia64.deb
Little endian MIPS:
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d_1.8.0.13~pre070720-0etch3_mipsel.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d-dbg_1.8.0.13~pre070720-0etch3_mipsel.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d_1.8.0.13~pre070720-0etch3_mipsel.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d-dbg_1.8.0.13~pre070720-0etch3_mipsel.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d_1.8.0.13~pre070720-0etch3_mipsel.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d-dbg_1.8.0.13~pre070720-0etch3_mipsel.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-tools_1.8.0.13~pre070720-0etch3_mipsel.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d_1.8.0.13~pre070720-0etch3_mipsel.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d-dbg_1.8.0.13~pre070720-0etch3_mipsel.deb
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.8.0.13~pre070720-0etch3_mipsel.deb
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.8.0.13~pre070720-0etch3_mipsel.deb
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.13~pre070720-0etch3_mipsel.deb
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-gnome-support_1.8.0.13~pre070720-0etch3_mipsel.deb
PowerPC:
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d_1.8.0.13~pre070720-0etch3_powerpc.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d-dbg_1.8.0.13~pre070720-0etch3_powerpc.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d_1.8.0.13~pre070720-0etch3_powerpc.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d-dbg_1.8.0.13~pre070720-0etch3_powerpc.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d_1.8.0.13~pre070720-0etch3_powerpc.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d-dbg_1.8.0.13~pre070720-0etch3_powerpc.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-tools_1.8.0.13~pre070720-0etch3_powerpc.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d_1.8.0.13~pre070720-0etch3_powerpc.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d-dbg_1.8.0.13~pre070720-0etch3_powerpc.deb
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.8.0.13~pre070720-0etch3_powerpc.deb
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.8.0.13~pre070720-0etch3_powerpc.deb
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.13~pre070720-0etch3_powerpc.deb
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-gnome-support_1.8.0.13~pre070720-0etch3_powerpc.deb
IBM S/390:
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d_1.8.0.13~pre070720-0etch3_s390.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d-dbg_1.8.0.13~pre070720-0etch3_s390.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d_1.8.0.13~pre070720-0etch3_s390.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d-dbg_1.8.0.13~pre070720-0etch3_s390.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d_1.8.0.13~pre070720-0etch3_s390.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d-dbg_1.8.0.13~pre070720-0etch3_s390.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-tools_1.8.0.13~pre070720-0etch3_s390.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d_1.8.0.13~pre070720-0etch3_s390.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d-dbg_1.8.0.13~pre070720-0etch3_s390.deb
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.8.0.13~pre070720-0etch3_s390.deb
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.8.0.13~pre070720-0etch3_s390.deb
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.13~pre070720-0etch3_s390.deb
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-gnome-support_1.8.0.13~pre070720-0etch3_s390.deb
Sun Sparc:
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d_1.8.0.13~pre070720-0etch3_sparc.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d-dbg_1.8.0.13~pre070720-0etch3_sparc.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d_1.8.0.13~pre070720-0etch3_sparc.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d-dbg_1.8.0.13~pre070720-0etch3_sparc.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d_1.8.0.13~pre070720-0etch3_sparc.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d-dbg_1.8.0.13~pre070720-0etch3_sparc.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-tools_1.8.0.13~pre070720-0etch3_sparc.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d_1.8.0.13~pre070720-0etch3_sparc.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d-dbg_1.8.0.13~pre070720-0etch3_sparc.deb
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.8.0.13~pre070720-0etch3_sparc.deb
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.8.0.13~pre070720-0etch3_sparc.deb
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.13~pre070720-0etch3_sparc.deb
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-gnome-support_1.8.0.13~pre070720-0etch3_sparc.deb

MD5-kontrolsummer for de listede filer findes i den originale sikkerhedsbulletin.