sdkp3-mozilla-xulrunner190Security update for Mozilla XULrunner
Mozilla XULRunner was updated to version 1.9.0.19 fixing lots of bugs and security issues.
Following security issues were fixed:
MFSA 2010-16: Mozilla developers identified and fixed several stability bugs in
the browser engine used in Firefox and other Mozilla-based products. Some of
these crashes showed evidence of memory corruption under certain circumstances,
and we presume that with enough effort at least some of these could be
exploited to run arbitrary code.
References
Martijn Wargers, Josh Soref, and Jesse Ruderman reported crashes in the browser
engine that affected Firefox 3.5 and Firefox 3.6. (CVE-2010-0173)
Jesse Ruderman and Ehsan Akhgari reported crashes that affected all supported
versions of the browser engine. (CVE-2010-0174)
MFSA 2010-17 / CVE-2010-0175:
Security researcher regenrecht reported via TippingPoint's Zero Day Initiative
that a select event handler for XUL tree items could be called after the tree
item was deleted. This results in the execution of previously freed memory
which an attacker could use to crash a victim's browser and run arbitrary code
on the victim's computer.
MFSA 2010-18 / CVE-2010-0176: Security researcher regenrecht reported via
TippingPoint's Zero Day Initiative an error in the way option elements are
inserted into a XUL tree optgroup. In certain cases, the number of references
to an option element is under-counted so that when the element is deleted, a
live pointer to its old location is kept around and may later be used. An
attacker could potentially use these conditions to run arbitrary code on a
victim's computer.
MFSA 2010-19 / CVE-2010-0177: Security researcher regenrecht reported via
TippingPoint's Zero Day Initiative an error in the implementation of the
window.navigator.plugins object. When a page reloads, the plugins array would
reallocate all of its members without checking for existing references to each
member. This could result in the deletion of objects for which valid pointers
still exist. An attacker could use this vulnerability to crash a victim's
browser and run arbitrary code on the victim's machine.
MFSA 2010-20 / CVE-2010-0178: Security researcher Paul Stone reported that a
browser applet could be used to turn a simple mouse click into a drag-and-drop
action, potentially resulting in the unintended loading of resources in a
user's browser. This behavior could be used twice in succession to first load a
privileged chrome: URL in a victim's browser, then load a malicious javascript:
URL on top of the same document resulting in arbitrary script execution with
chrome privileges.
MFSA 2010-21 / CVE-2010-0179: Mozilla security researcher moz_bug_r_a4 reported
that the XMLHttpRequestSpy module in the Firebug add-on was exposing an
underlying chrome privilege escalation vulnerability. When the
XMLHttpRequestSpy object was created, it would attach various properties of
itself to objects defined in web content, which were not being properly wrapped
to prevent their exposure to chrome privileged objects. This could result in an
attacker running arbitrary JavaScript on a victim's machine, though it required
the victim to have Firebug installed, so the overall severity of the issue was
determined to be High.
MFSA 2010-22 / CVE-2009-3555: Mozilla developers added support in the Network
Security Services module for preventing a type of man-in-the-middle attack
against TLS using forced renegotiation.
Note that to benefit from the fix, Firefox 3.6 and Firefox 3.5 users will need
to set their security.ssl.require_safe_negotiation preference to true. Firefox
3 does not contain the fix for this issue.
MFSA 2010-23 / CVE-2010-0181: phpBB developer Henry Sudhof reported that when
an image tag points to a resource that redirects to a mailto: URL, the external
mail handler application is launched. This issue poses no security threat to
users but could create an annoyance when browsing a site that allows users to
post arbitrary images.
MFSA 2010-24 / CVE-2010-0182: Mozilla community member Wladimir Palant reported
that XML documents were failing to call certain security checks when loading
new content. This could result in certain resources being loaded that would
otherwise violate security policies set by the browser or installed add-ons.
securitymozilla-xulrunner190-develx86_6465085c32c844aa90f99d91a18536dc1dffba2ed0python-xpcom190x86_640dbc78222c50ceff67ea3c0655fd339549db53eb