LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

PostgreSQL 9.3 beta: Federated databases and more

LWN.net Weekly Edition for May 9, 2013

(Nearly) full tickless operation in 3.10

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Fedora alert FEDORA-2010-11345 (xulrunner)



From:
    	      updates@fedoraproject.org 


To:
    	      package-announce@lists.fedoraproject.org 


Subject:
    	      [SECURITY] Fedora 13 Update: xulrunner-1.9.2.7-1.fc13 


Date:
    	      Fri, 23 Jul 2010 02:37:40 +0000


Message-ID:
    	      <20100723023740.2C262110B77@bastion02.phx2.fedoraproject.org>


Archive-link:
    	      Article, Thread
              


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2010-11345
2010-07-23 01:56:20
--------------------------------------------------------------------------------

Name        : xulrunner
Product     : Fedora 13
Version     : 1.9.2.7
Release     : 1.fc13
URL         : http://developer.mozilla.org/En/XULRunner
Summary     : XUL Runtime for Gecko Applications
Description :
XULRunner provides the XUL Runtime environment for Gecko applications.

--------------------------------------------------------------------------------
Update Information:

Update to new upstream Firefox version 3.6.7, fixing multiple security issues
detailed in the upstream advisories:    http://www.mozilla.org/security/known-
vulnerabilities/firefox36.html#firefox3.6.7    Update also includes all packages
depending on gecko-libs rebuilt against new version of Firefox / XULRunner.
CVE-2010-1211 CVE-2010-1212 CVE-2010-1208 CVE-2010-1209 CVE-2010-1214
CVE-2010-1215 CVE-2010-2752 CVE-2010-2753 CVE-2010-1205 CVE-2010-1213
CVE-2010-1207 CVE-2010-1210 CVE-2010-1206 CVE-2010-2751 CVE-2010-0654
CVE-2010-2754
--------------------------------------------------------------------------------
ChangeLog:

* Tue Jul 20 2010 Jan Horak <jhorak@redhat.com> - 1.9.2.7-1
- Update to 1.9.2.7
* Wed Jun 30 2010 Jan Horak <jhorak@redhat.com> - 1.9.2.6-1
- Update to 1.9.2.6
* Tue Jun 22 2010 Jan Horak <jhorak@redhat.com> - 1.9.2.4-1
- Update to 1.9.2.4
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #615455 - CVE-2010-1211 Mozilla miscellaneous memory safety hazards
        https://bugzilla.redhat.com/show_bug.cgi?id=615455
  [ 2 ] Bug #615456 - CVE-2010-1212 Mozilla miscellaneous memory safety hazards
        https://bugzilla.redhat.com/show_bug.cgi?id=615456
  [ 3 ] Bug #615458 - CVE-2010-1208 Mozilla DOM attribute cloning remote code execution
vulnerability
        https://bugzilla.redhat.com/show_bug.cgi?id=615458
  [ 4 ] Bug #615459 - CVE-2010-1209 Mozilla Use-after-free error in NodeIterator
        https://bugzilla.redhat.com/show_bug.cgi?id=615459
  [ 5 ] Bug #615462 - CVE-2010-1214 Mozilla Plugin parameter EnsureCachedAttrParamArrays remote
code execution vulnerability
        https://bugzilla.redhat.com/show_bug.cgi?id=615462
  [ 6 ] Bug #615463 - CVE-2010-1215 Mozilla Arbitrary code execution using SJOW and fast native
function
        https://bugzilla.redhat.com/show_bug.cgi?id=615463
  [ 7 ] Bug #615464 - CVE-2010-2752 Mozilla nsCSSValue::Array index integer overflow
        https://bugzilla.redhat.com/show_bug.cgi?id=615464
  [ 8 ] Bug #615466 - CVE-2010-2753 Mozilla nsTreeSelection dangling pointer remote code execution
vulnerability
        https://bugzilla.redhat.com/show_bug.cgi?id=615466
  [ 9 ] Bug #608238 - CVE-2010-1205 libpng: out-of-bounds memory write
        https://bugzilla.redhat.com/show_bug.cgi?id=608238
  [ 10 ] Bug #615471 - CVE-2010-1213 Mozilla Cross-origin data disclosure via Web Workers and
importScripts
        https://bugzilla.redhat.com/show_bug.cgi?id=615471
  [ 11 ] Bug #615472 - CVE-2010-1207 Mozilla Same-origin bypass using canvas context
        https://bugzilla.redhat.com/show_bug.cgi?id=615472
  [ 12 ] Bug #615474 - CVE-2010-1210 Mozilla Characters mapped to U+FFFD in 8 bit encodings cause
subsequent character to vanish
        https://bugzilla.redhat.com/show_bug.cgi?id=615474
  [ 13 ] Bug #608763 - CVE-2010-1206 Firefox: Spoofing attacks via vectors involving 'No Content'
status code or via a windows.stop call
        https://bugzilla.redhat.com/show_bug.cgi?id=608763
  [ 14 ] Bug #615480 - CVE-2010-2751 Mozilla SSL spoofing with history.back() and
history.forward()
        https://bugzilla.redhat.com/show_bug.cgi?id=615480
  [ 15 ] Bug #568231 - CVE-2010-0654 firefox: cross-domain information disclosure
        https://bugzilla.redhat.com/show_bug.cgi?id=568231
  [ 16 ] Bug #615488 - CVE-2010-2754 Mozilla Cross-origin data leakage from script filename in
error messages
        https://bugzilla.redhat.com/show_bug.cgi?id=615488
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update xulrunner' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-...
(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds