Säkerhetsbulletin från Debian

DSA-1345-1 xulrunner -- flera sårbarheter

Rapporterat den:
2007-08-04
Berörda paket:
xulrunner
Sårbara:
Ja
Referenser i säkerhetsdatabaser:
I Mitres CVE-förteckning: CVE-2007-3844, CVE-2007-3845.
Ytterligare information:

Flera utifrån nåbara sårbarheter har upptäckts i Xulrunner, en körtidsmiljö för XUL-program. Projektet Common Vulnerabilities and Exposures identifierar följande problem:

  • CVE-2007-3844

    moz_bug_r_a4 upptäckte ett återuppstått fel i hanteringen av about:blank-fönster som används av tillägg, vilket kunde leda till att en angripare kunde ändra innehållet på webbplatser.

  • CVE-2007-3845

    Jesper Johansson upptäckte att saknad städning av dubbla citattecken och blanksteg i URI:er som sänds från externa program kunde göra det möjligt för en angripare att sända godtyckliga argument till hjälpprogram om användaren luras att öppna en felformad webbsida.

Den gamla stabila utgåvan (Sarge) innehåller inte xulrunner.

För den stabila utgåvan (Etch) har dessa problem rättats i version 1.8.0.13~pre070720-0etch3.

För den instabila utgåvan (Sid) har dessa problem rättats i version 1.8.1.6-1.

Vi rekommenderar att ni uppgraderar era xulrunner-paket.

Rättat i:

Debian GNU/Linux 4.0 (etch)

Källkod:
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.13~pre070720-0etch3.dsc
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.13~pre070720-0etch3.diff.gz
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.13~pre070720.orig.tar.gz
Arkitekturoberoende komponent:
http://security.debian.org/pool/updates/main/x/xulrunner/libmozillainterfaces-java_1.8.0.13~pre070720-0etch3_all.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.8.0.13~pre070720-0etch3_all.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-dev_1.8.0.13~pre070720-0etch3_all.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-dev_1.8.0.13~pre070720-0etch3_all.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libsmjs-dev_1.8.0.13~pre070720-0etch3_all.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libsmjs1_1.8.0.13~pre070720-0etch3_all.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libxul-common_1.8.0.13~pre070720-0etch3_all.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libxul-dev_1.8.0.13~pre070720-0etch3_all.deb
Alpha:
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d_1.8.0.13~pre070720-0etch3_alpha.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d-dbg_1.8.0.13~pre070720-0etch3_alpha.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d_1.8.0.13~pre070720-0etch3_alpha.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d-dbg_1.8.0.13~pre070720-0etch3_alpha.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d_1.8.0.13~pre070720-0etch3_alpha.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d-dbg_1.8.0.13~pre070720-0etch3_alpha.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-tools_1.8.0.13~pre070720-0etch3_alpha.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d_1.8.0.13~pre070720-0etch3_alpha.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d-dbg_1.8.0.13~pre070720-0etch3_alpha.deb
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.8.0.13~pre070720-0etch3_alpha.deb
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.8.0.13~pre070720-0etch3_alpha.deb
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.13~pre070720-0etch3_alpha.deb
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-gnome-support_1.8.0.13~pre070720-0etch3_alpha.deb
AMD64:
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d_1.8.0.13~pre070720-0etch3_amd64.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d-dbg_1.8.0.13~pre070720-0etch3_amd64.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d_1.8.0.13~pre070720-0etch3_amd64.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d-dbg_1.8.0.13~pre070720-0etch3_amd64.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d_1.8.0.13~pre070720-0etch3_amd64.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d-dbg_1.8.0.13~pre070720-0etch3_amd64.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-tools_1.8.0.13~pre070720-0etch3_amd64.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d_1.8.0.13~pre070720-0etch3_amd64.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d-dbg_1.8.0.13~pre070720-0etch3_amd64.deb
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.8.0.13~pre070720-0etch3_amd64.deb
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.8.0.13~pre070720-0etch3_amd64.deb
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.13~pre070720-0etch3_amd64.deb
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-gnome-support_1.8.0.13~pre070720-0etch3_amd64.deb
ARM:
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d_1.8.0.13~pre070720-0etch3_arm.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d-dbg_1.8.0.13~pre070720-0etch3_arm.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d_1.8.0.13~pre070720-0etch3_arm.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d-dbg_1.8.0.13~pre070720-0etch3_arm.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d_1.8.0.13~pre070720-0etch3_arm.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d-dbg_1.8.0.13~pre070720-0etch3_arm.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-tools_1.8.0.13~pre070720-0etch3_arm.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d_1.8.0.13~pre070720-0etch3_arm.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d-dbg_1.8.0.13~pre070720-0etch3_arm.deb
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.8.0.13~pre070720-0etch3_arm.deb
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.8.0.13~pre070720-0etch3_arm.deb
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.13~pre070720-0etch3_arm.deb
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-gnome-support_1.8.0.13~pre070720-0etch3_arm.deb
HPPA:
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d_1.8.0.13~pre070720-0etch3_hppa.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d-dbg_1.8.0.13~pre070720-0etch3_hppa.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d_1.8.0.13~pre070720-0etch3_hppa.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d-dbg_1.8.0.13~pre070720-0etch3_hppa.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d_1.8.0.13~pre070720-0etch3_hppa.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d-dbg_1.8.0.13~pre070720-0etch3_hppa.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-tools_1.8.0.13~pre070720-0etch3_hppa.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d_1.8.0.13~pre070720-0etch3_hppa.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d-dbg_1.8.0.13~pre070720-0etch3_hppa.deb
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.8.0.13~pre070720-0etch3_hppa.deb
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.8.0.13~pre070720-0etch3_hppa.deb
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.13~pre070720-0etch3_hppa.deb
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-gnome-support_1.8.0.13~pre070720-0etch3_hppa.deb
Intel IA-32:
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d_1.8.0.13~pre070720-0etch3_i386.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d-dbg_1.8.0.13~pre070720-0etch3_i386.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d_1.8.0.13~pre070720-0etch3_i386.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d-dbg_1.8.0.13~pre070720-0etch3_i386.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d_1.8.0.13~pre070720-0etch3_i386.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d-dbg_1.8.0.13~pre070720-0etch3_i386.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-tools_1.8.0.13~pre070720-0etch3_i386.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d_1.8.0.13~pre070720-0etch3_i386.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d-dbg_1.8.0.13~pre070720-0etch3_i386.deb
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.8.0.13~pre070720-0etch3_i386.deb
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.8.0.13~pre070720-0etch3_i386.deb
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.13~pre070720-0etch3_i386.deb
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-gnome-support_1.8.0.13~pre070720-0etch3_i386.deb
Intel IA-64:
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d_1.8.0.13~pre070720-0etch3_ia64.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d-dbg_1.8.0.13~pre070720-0etch3_ia64.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d_1.8.0.13~pre070720-0etch3_ia64.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d-dbg_1.8.0.13~pre070720-0etch3_ia64.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d_1.8.0.13~pre070720-0etch3_ia64.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d-dbg_1.8.0.13~pre070720-0etch3_ia64.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-tools_1.8.0.13~pre070720-0etch3_ia64.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d_1.8.0.13~pre070720-0etch3_ia64.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d-dbg_1.8.0.13~pre070720-0etch3_ia64.deb
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.8.0.13~pre070720-0etch3_ia64.deb
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.8.0.13~pre070720-0etch3_ia64.deb
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.13~pre070720-0etch3_ia64.deb
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-gnome-support_1.8.0.13~pre070720-0etch3_ia64.deb
Little endian MIPS:
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d_1.8.0.13~pre070720-0etch3_mipsel.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d-dbg_1.8.0.13~pre070720-0etch3_mipsel.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d_1.8.0.13~pre070720-0etch3_mipsel.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d-dbg_1.8.0.13~pre070720-0etch3_mipsel.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d_1.8.0.13~pre070720-0etch3_mipsel.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d-dbg_1.8.0.13~pre070720-0etch3_mipsel.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-tools_1.8.0.13~pre070720-0etch3_mipsel.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d_1.8.0.13~pre070720-0etch3_mipsel.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d-dbg_1.8.0.13~pre070720-0etch3_mipsel.deb
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.8.0.13~pre070720-0etch3_mipsel.deb
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.8.0.13~pre070720-0etch3_mipsel.deb
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.13~pre070720-0etch3_mipsel.deb
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-gnome-support_1.8.0.13~pre070720-0etch3_mipsel.deb
PowerPC:
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d_1.8.0.13~pre070720-0etch3_powerpc.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d-dbg_1.8.0.13~pre070720-0etch3_powerpc.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d_1.8.0.13~pre070720-0etch3_powerpc.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d-dbg_1.8.0.13~pre070720-0etch3_powerpc.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d_1.8.0.13~pre070720-0etch3_powerpc.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d-dbg_1.8.0.13~pre070720-0etch3_powerpc.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-tools_1.8.0.13~pre070720-0etch3_powerpc.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d_1.8.0.13~pre070720-0etch3_powerpc.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d-dbg_1.8.0.13~pre070720-0etch3_powerpc.deb
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.8.0.13~pre070720-0etch3_powerpc.deb
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.8.0.13~pre070720-0etch3_powerpc.deb
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.13~pre070720-0etch3_powerpc.deb
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-gnome-support_1.8.0.13~pre070720-0etch3_powerpc.deb
IBM S/390:
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d_1.8.0.13~pre070720-0etch3_s390.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d-dbg_1.8.0.13~pre070720-0etch3_s390.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d_1.8.0.13~pre070720-0etch3_s390.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d-dbg_1.8.0.13~pre070720-0etch3_s390.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d_1.8.0.13~pre070720-0etch3_s390.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d-dbg_1.8.0.13~pre070720-0etch3_s390.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-tools_1.8.0.13~pre070720-0etch3_s390.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d_1.8.0.13~pre070720-0etch3_s390.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d-dbg_1.8.0.13~pre070720-0etch3_s390.deb
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.8.0.13~pre070720-0etch3_s390.deb
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.8.0.13~pre070720-0etch3_s390.deb
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.13~pre070720-0etch3_s390.deb
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-gnome-support_1.8.0.13~pre070720-0etch3_s390.deb
Sun Sparc:
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d_1.8.0.13~pre070720-0etch3_sparc.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d-dbg_1.8.0.13~pre070720-0etch3_sparc.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d_1.8.0.13~pre070720-0etch3_sparc.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d-dbg_1.8.0.13~pre070720-0etch3_sparc.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d_1.8.0.13~pre070720-0etch3_sparc.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d-dbg_1.8.0.13~pre070720-0etch3_sparc.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-tools_1.8.0.13~pre070720-0etch3_sparc.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d_1.8.0.13~pre070720-0etch3_sparc.deb
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d-dbg_1.8.0.13~pre070720-0etch3_sparc.deb
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.8.0.13~pre070720-0etch3_sparc.deb
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.8.0.13~pre070720-0etch3_sparc.deb
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.13~pre070720-0etch3_sparc.deb
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-gnome-support_1.8.0.13~pre070720-0etch3_sparc.deb

MD5-kontrollsummor för dessa filer finns i originalbulletinen.