Säkerhetsbulletin från Debian
DSA-1885-1 xulrunner -- flera sårbarheter
- Rapporterat den:
- 2009-09-14
- Berörda paket:
- xulrunner
- Sårbara:
- Ja
- Referenser i säkerhetsdatabaser:
- I Mitres CVE-förteckning: CVE-2009-3070, CVE-2009-3071, CVE-2009-3072, CVE-2009-3074, CVE-2009-3075, CVE-2009-3076, CVE-2009-3077, CVE-2009-3078.
- Ytterligare information:
-
Flera utifrån nåbara sårbarheter har upptäckts i Xulrunner, en körtidsmiljö för XUL-applikationer, såsom webbläsaren Iceweasel. Projektet Common Vulnerabilities and Exposures identifierar följande problem:
- CVE-2009-3070
Jesse Ruderman upptäckte krascher i layoutmotorn, som kan tillåta exekvering av godtycklig kod.
- CVE-2009-3071
Daniel Holbert, Jesse Ruderman, Olli Pettay och "toshi" upptäckte krascher i layoutmotorn, som kan tillåta exekvering av godtycklig kod.
- CVE-2009-3072
Josh Soref, Jesse Ruderman och Martin Wargers upptäckte krascher i layoutmotorn, som kan tillåta exekvering av godtycklig kod.
- CVE-2009-3074
Jesse Ruderman upptäckte en krasch i Javascriptmotorn, som kan tillåta exekvering av godtycklig kod.
- CVE-2009-3075
Carsten Book och "Taral" upptäckte krascher i layoutmotorn, som kan tillåta exekvering av godtycklig kod.
- CVE-2009-3076
Jesse Ruderman upptäckte att användargränssnittet för att installera/ta bort säkerhetsmodulerna PCKS #11 inte var tillräckligt informativt, vilket kunde tillåta bondfångeri (
social engineering attacks
). - CVE-2009-3077
Det upptäcktes att felaktig pekarhantering i XUL-tolkaren kunde leda till exekvering av godtycklig kod.
- CVE-2009-3078
Juan Pablo Lopez Yacubian upptäckte att felaktig visning av några Unicodetypsnittstecken kunde leda till imitationsangrepp på platsfältet.
För den stabila utgåvan (Lenny) har dessa problem rättats i version 1.9.0.14-0lenny1.
Precis som nämndes i versionsfakta för Etch, behövdes säkerhetsstödet för Mozilla-produkterna i den gamla stabila utgåvan avslutas innan slutet av den ordinarie livscykeln för säkerhetsarbetet för Etch. Ni uppmanas starkt att uppgradera till den stabila utgåvan eller byta till en webbläsare som fortfarande stöds.
För den instabila utgåvan (Sid) har dessa problem rättats i version 1.9.0.14-1.
För den experimentella utgåvan har dessa problem rättats i version 1.9.1.3-1.
Vi rekommenderar att ni uppgraderar ert xulrunner-paket.
- CVE-2009-3070
- Rättat i:
-
Debian GNU/Linux 5.0 (lenny)
- Källkod:
- http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.9.0.14.orig.tar.gz
- http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.9.0.14-0lenny1.dsc
- http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.9.0.14-0lenny1.diff.gz
- http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.9.0.14-0lenny1.dsc
- Arkitekturoberoende komponent:
- http://security.debian.org/pool/updates/main/x/xulrunner/libmozillainterfaces-java_1.9.0.14-0lenny1_all.deb
- Alpha:
- http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.14-0lenny1_alpha.deb
- http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.14-0lenny1_alpha.deb
- http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.14-0lenny1_alpha.deb
- http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.14-0lenny1_alpha.deb
- http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.14-0lenny1_alpha.deb
- http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.14-0lenny1_alpha.deb
- http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.14-0lenny1_alpha.deb
- http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.14-0lenny1_alpha.deb
- http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.14-0lenny1_alpha.deb
- http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.14-0lenny1_alpha.deb
- AMD64:
- http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.14-0lenny1_amd64.deb
- http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.14-0lenny1_amd64.deb
- http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.14-0lenny1_amd64.deb
- http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.14-0lenny1_amd64.deb
- http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.14-0lenny1_amd64.deb
- http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.14-0lenny1_amd64.deb
- http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.14-0lenny1_amd64.deb
- http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.14-0lenny1_amd64.deb
- http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.14-0lenny1_amd64.deb
- http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.14-0lenny1_amd64.deb
- ARM:
- http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.14-0lenny1_arm.deb
- http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.14-0lenny1_arm.deb
- http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.14-0lenny1_arm.deb
- http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.14-0lenny1_arm.deb
- http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.14-0lenny1_arm.deb
- http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.14-0lenny1_arm.deb
- http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.14-0lenny1_arm.deb
- http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.14-0lenny1_arm.deb
- http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.14-0lenny1_arm.deb
- http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.14-0lenny1_arm.deb
- ARM EABI:
- http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.14-0lenny1_armel.deb
- http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.14-0lenny1_armel.deb
- http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.14-0lenny1_armel.deb
- http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.14-0lenny1_armel.deb
- http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.14-0lenny1_armel.deb
- http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.14-0lenny1_armel.deb
- http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.14-0lenny1_armel.deb
- http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.14-0lenny1_armel.deb
- http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.14-0lenny1_armel.deb
- http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.14-0lenny1_armel.deb
- HP Precision:
- http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.14-0lenny1_hppa.deb
- http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.14-0lenny1_hppa.deb
- http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.14-0lenny1_hppa.deb
- http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.14-0lenny1_hppa.deb
- http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.14-0lenny1_hppa.deb
- http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.14-0lenny1_hppa.deb
- http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.14-0lenny1_hppa.deb
- http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.14-0lenny1_hppa.deb
- http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.14-0lenny1_hppa.deb
- http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.14-0lenny1_hppa.deb
- Intel IA-32:
- http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.14-0lenny1_i386.deb
- http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.14-0lenny1_i386.deb
- http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.14-0lenny1_i386.deb
- http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.14-0lenny1_i386.deb
- http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.14-0lenny1_i386.deb
- http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.14-0lenny1_i386.deb
- http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.14-0lenny1_i386.deb
- http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.14-0lenny1_i386.deb
- http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.14-0lenny1_i386.deb
- http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.14-0lenny1_i386.deb
- Intel IA-64:
- http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.14-0lenny1_ia64.deb
- http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.14-0lenny1_ia64.deb
- http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.14-0lenny1_ia64.deb
- http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.14-0lenny1_ia64.deb
- http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.14-0lenny1_ia64.deb
- http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.14-0lenny1_ia64.deb
- http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.14-0lenny1_ia64.deb
- http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.14-0lenny1_ia64.deb
- http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.14-0lenny1_ia64.deb
- http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.14-0lenny1_ia64.deb
- Big-endian MIPS:
- http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.14-0lenny1_mips.deb
- http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.14-0lenny1_mips.deb
- http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.14-0lenny1_mips.deb
- http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.14-0lenny1_mips.deb
- http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.14-0lenny1_mips.deb
- http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.14-0lenny1_mips.deb
- http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.14-0lenny1_mips.deb
- http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.14-0lenny1_mips.deb
- http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.14-0lenny1_mips.deb
- http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.14-0lenny1_mips.deb
- Little-endian MIPS:
- http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.14-0lenny1_mipsel.deb
- http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.14-0lenny1_mipsel.deb
- http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.14-0lenny1_mipsel.deb
- http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.14-0lenny1_mipsel.deb
- http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.14-0lenny1_mipsel.deb
- http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.14-0lenny1_mipsel.deb
- http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.14-0lenny1_mipsel.deb
- http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.14-0lenny1_mipsel.deb
- http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.14-0lenny1_mipsel.deb
- http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.14-0lenny1_mipsel.deb
- PowerPC:
- http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.14-0lenny1_powerpc.deb
- http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.14-0lenny1_powerpc.deb
- http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.14-0lenny1_powerpc.deb
- http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.14-0lenny1_powerpc.deb
- http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.14-0lenny1_powerpc.deb
- http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.14-0lenny1_powerpc.deb
- http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.14-0lenny1_powerpc.deb
- http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.14-0lenny1_powerpc.deb
- http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.14-0lenny1_powerpc.deb
- http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.14-0lenny1_powerpc.deb
- IBM S/390:
- http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.14-0lenny1_s390.deb
- http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.14-0lenny1_s390.deb
- http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.14-0lenny1_s390.deb
- http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.14-0lenny1_s390.deb
- http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.14-0lenny1_s390.deb
- http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.14-0lenny1_s390.deb
- http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.14-0lenny1_s390.deb
- http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.14-0lenny1_s390.deb
- http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.14-0lenny1_s390.deb
- http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.14-0lenny1_s390.deb
- Sun Sparc:
- http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.14-0lenny1_sparc.deb
- http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.14-0lenny1_sparc.deb
- http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.14-0lenny1_sparc.deb
- http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.14-0lenny1_sparc.deb
- http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.14-0lenny1_sparc.deb
- http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.14-0lenny1_sparc.deb
- http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.14-0lenny1_sparc.deb
- http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.14-0lenny1_sparc.deb
- http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.14-0lenny1_sparc.deb
- http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.14-0lenny1_sparc.deb
MD5-kontrollsummor för dessa filer finns i originalbulletinen.