Vulnerabilities > CVE-2009-1044 - Resource Management Errors vulnerability in Mozilla Firefox 3.0.7

047910
CVSS 9.3 - CRITICAL
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
COMPLETE
Integrity impact
COMPLETE
Availability impact
COMPLETE
network
mozilla
microsoft
CWE-399
critical
nessus

Summary

Mozilla Firefox 3.0.7 on Windows 7 allows remote attackers to execute arbitrary code via unknown vectors related to the _moveToEdgeShift XUL tree method, which triggers garbage collection on objects that are still in use, as demonstrated by Nils during a PWN2OWN competition at CanSecWest 2009.

Vulnerable Configurations

Part Description Count
Application
Mozilla
1
OS
Microsoft
1

Common Weakness Enumeration (CWE)

Nessus

  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2009-3161.NASL
    descriptionhttp://www.mozilla.org/security/known-vulnerabilities/seamonkey11.html Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id37911
    published2009-04-23
    reporterThis script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/37911
    titleFedora 10 : seamonkey-1.1.15-3.fc10 (2009-3161)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory 2009-3161.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(37911);
      script_version ("1.16");
      script_cvs_date("Date: 2019/08/02 13:32:29");
    
      script_cve_id("CVE-2009-0352", "CVE-2009-0353", "CVE-2009-0357", "CVE-2009-0771", "CVE-2009-0772", "CVE-2009-0773", "CVE-2009-0774", "CVE-2009-0776", "CVE-2009-1044", "CVE-2009-1169");
      script_xref(name:"FEDORA", value:"2009-3161");
    
      script_name(english:"Fedora 10 : seamonkey-1.1.15-3.fc10 (2009-3161)");
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "http://www.mozilla.org/security/known-vulnerabilities/seamonkey11.html
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      # http://www.mozilla.org/security/known-vulnerabilities/seamonkey11.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?e868d512"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=483139"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=483141"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=483145"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=488272"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=488273"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=488276"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=488283"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=488290"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=492211"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=492212"
      );
      # https://lists.fedoraproject.org/pipermail/package-announce/2009-March/021891.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?6122edd3"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected seamonkey package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_cwe_id(200, 264, 399);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:seamonkey");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:10");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2009/03/30");
      script_set_attribute(attribute:"plugin_publication_date", value:"2009/04/23");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! ereg(pattern:"^10([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 10.x", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    flag = 0;
    if (rpm_check(release:"FC10", reference:"seamonkey-1.1.15-3.fc10")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "seamonkey");
    }
    
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2009-3099.NASL
    descriptionMozilla Firefox is an open source Web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A memory corruption flaw was discovered in the way Firefox handles XML files containing an XSLT transform. A remote attacker could use this flaw to crash Firefox or, potentially, execute arbitrary code as the user running Firefox. (CVE-2009-1169) A flaw was discovered in the way Firefox handles certain XUL garbage collection events. A remote attacker could use this flaw to crash Firefox or, potentially, execute arbitrary code as the user running Firefox. (CVE-2009-1044) This update also provides depending packages rebuilt against new Firefox version. Miro updates to upstream 2.0.3. Provides new features and fixes various bugs in 1.2.x series Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id36041
    published2009-03-30
    reporterThis script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/36041
    titleFedora 9 : Miro-2.0.3-2.fc9 / blam-1.8.5-7.fc9.1 / chmsee-1.0.1-10.fc9 / devhelp-0.19.1-10.fc9 / etc (2009-3099)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory 2009-3099.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(36041);
      script_version ("1.20");
      script_cvs_date("Date: 2019/08/02 13:32:29");
    
      script_cve_id("CVE-2009-1044", "CVE-2009-1169");
      script_bugtraq_id(34181, 34235);
      script_xref(name:"FEDORA", value:"2009-3099");
    
      script_name(english:"Fedora 9 : Miro-2.0.3-2.fc9 / blam-1.8.5-7.fc9.1 / chmsee-1.0.1-10.fc9 / devhelp-0.19.1-10.fc9 / etc (2009-3099)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Mozilla Firefox is an open source Web browser. XULRunner provides the
    XUL Runtime environment for Mozilla Firefox. A memory corruption flaw
    was discovered in the way Firefox handles XML files containing an XSLT
    transform. A remote attacker could use this flaw to crash Firefox or,
    potentially, execute arbitrary code as the user running Firefox.
    (CVE-2009-1169) A flaw was discovered in the way Firefox handles
    certain XUL garbage collection events. A remote attacker could use
    this flaw to crash Firefox or, potentially, execute arbitrary code as
    the user running Firefox. (CVE-2009-1044) This update also provides
    depending packages rebuilt against new Firefox version. Miro updates
    to upstream 2.0.3. Provides new features and fixes various bugs in
    1.2.x series
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      # https://lists.fedoraproject.org/pipermail/package-announce/2009-March/021816.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?7f9c1612"
      );
      # https://lists.fedoraproject.org/pipermail/package-announce/2009-March/021817.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?b542ad2d"
      );
      # https://lists.fedoraproject.org/pipermail/package-announce/2009-March/021818.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?a5d22176"
      );
      # https://lists.fedoraproject.org/pipermail/package-announce/2009-March/021819.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?5c93b433"
      );
      # https://lists.fedoraproject.org/pipermail/package-announce/2009-March/021820.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?57053757"
      );
      # https://lists.fedoraproject.org/pipermail/package-announce/2009-March/021821.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?39789ca2"
      );
      # https://lists.fedoraproject.org/pipermail/package-announce/2009-March/021822.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?f9ba7b21"
      );
      # https://lists.fedoraproject.org/pipermail/package-announce/2009-March/021823.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?8a1e24b7"
      );
      # https://lists.fedoraproject.org/pipermail/package-announce/2009-March/021824.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?415d08fa"
      );
      # https://lists.fedoraproject.org/pipermail/package-announce/2009-March/021825.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?e324b372"
      );
      # https://lists.fedoraproject.org/pipermail/package-announce/2009-March/021826.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?72b77952"
      );
      # https://lists.fedoraproject.org/pipermail/package-announce/2009-March/021827.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?fb476644"
      );
      # https://lists.fedoraproject.org/pipermail/package-announce/2009-March/021828.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?66395d66"
      );
      # https://lists.fedoraproject.org/pipermail/package-announce/2009-March/021829.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?508e9e80"
      );
      # https://lists.fedoraproject.org/pipermail/package-announce/2009-March/021830.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?8f9e5fdc"
      );
      # https://lists.fedoraproject.org/pipermail/package-announce/2009-March/021831.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?283c9638"
      );
      # https://lists.fedoraproject.org/pipermail/package-announce/2009-March/021832.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?4bb2129f"
      );
      # https://lists.fedoraproject.org/pipermail/package-announce/2009-March/021833.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?ed31a681"
      );
      # https://lists.fedoraproject.org/pipermail/package-announce/2009-March/021853.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?17849551"
      );
      # https://lists.fedoraproject.org/pipermail/package-announce/2009-March/021854.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?92499e26"
      );
      # https://lists.fedoraproject.org/pipermail/package-announce/2009-March/021855.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?7631ea4b"
      );
      # https://lists.fedoraproject.org/pipermail/package-announce/2009-March/021856.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?da6c76e7"
      );
      # https://lists.fedoraproject.org/pipermail/package-announce/2009-March/021857.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?bfd1e5e2"
      );
      # https://lists.fedoraproject.org/pipermail/package-announce/2009-March/021858.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?38790867"
      );
      # https://lists.fedoraproject.org/pipermail/package-announce/2009-March/021859.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?5f303152"
      );
      # https://lists.fedoraproject.org/pipermail/package-announce/2009-March/021860.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?dc18ed11"
      );
      # https://lists.fedoraproject.org/pipermail/package-announce/2009-March/021861.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?155eaa70"
      );
      # https://lists.fedoraproject.org/pipermail/package-announce/2009-March/021862.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?bd569e79"
      );
      # https://lists.fedoraproject.org/pipermail/package-announce/2009-March/021863.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?d1092d36"
      );
      # https://lists.fedoraproject.org/pipermail/package-announce/2009-March/021864.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?81530d6f"
      );
      # https://lists.fedoraproject.org/pipermail/package-announce/2009-March/021865.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?985bca7d"
      );
      # https://lists.fedoraproject.org/pipermail/package-announce/2009-March/021866.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?88ae8ebb"
      );
      # https://lists.fedoraproject.org/pipermail/package-announce/2009-March/021867.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?8a88b845"
      );
      # https://lists.fedoraproject.org/pipermail/package-announce/2009-March/021868.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?485482d3"
      );
      # https://lists.fedoraproject.org/pipermail/package-announce/2009-March/021869.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?f9d3c0ab"
      );
      # https://lists.fedoraproject.org/pipermail/package-announce/2009-March/021870.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?d01ed437"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_cwe_id(399);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:Miro");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:blam");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:chmsee");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:devhelp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:epiphany");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:epiphany-extensions");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:firefox");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:galeon");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:gnome-python2-extras");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:gnome-web-photo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:google-gadgets");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:gtkmozembedmm");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:kazehakase");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:mozvoikko");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:mugshot");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:totem");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:xulrunner");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:yelp");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:9");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2009/03/28");
      script_set_attribute(attribute:"plugin_publication_date", value:"2009/03/30");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! ereg(pattern:"^9([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 9.x", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    flag = 0;
    if (rpm_check(release:"FC9", reference:"Miro-2.0.3-2.fc9")) flag++;
    if (rpm_check(release:"FC9", reference:"blam-1.8.5-7.fc9.1")) flag++;
    if (rpm_check(release:"FC9", reference:"chmsee-1.0.1-10.fc9")) flag++;
    if (rpm_check(release:"FC9", reference:"devhelp-0.19.1-10.fc9")) flag++;
    if (rpm_check(release:"FC9", reference:"epiphany-2.22.2-9.fc9")) flag++;
    if (rpm_check(release:"FC9", reference:"epiphany-extensions-2.22.1-9.fc9")) flag++;
    if (rpm_check(release:"FC9", reference:"firefox-3.0.8-1.fc9")) flag++;
    if (rpm_check(release:"FC9", reference:"galeon-2.0.7-8.fc9")) flag++;
    if (rpm_check(release:"FC9", reference:"gnome-python2-extras-2.19.1-25.fc9")) flag++;
    if (rpm_check(release:"FC9", reference:"gnome-web-photo-0.3-19.fc9")) flag++;
    if (rpm_check(release:"FC9", reference:"google-gadgets-0.10.5-4.fc9")) flag++;
    if (rpm_check(release:"FC9", reference:"gtkmozembedmm-1.4.2.cvs20060817-27.fc9")) flag++;
    if (rpm_check(release:"FC9", reference:"kazehakase-0.5.6-1.fc9.5")) flag++;
    if (rpm_check(release:"FC9", reference:"mozvoikko-0.9.5-8.fc9")) flag++;
    if (rpm_check(release:"FC9", reference:"mugshot-1.2.2-7.fc9")) flag++;
    if (rpm_check(release:"FC9", reference:"totem-2.23.2-13.fc9")) flag++;
    if (rpm_check(release:"FC9", reference:"xulrunner-1.9.0.8-1.fc9")) flag++;
    if (rpm_check(release:"FC9", reference:"yelp-2.22.1-10.fc9")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "Miro / blam / chmsee / devhelp / epiphany / epiphany-extensions / etc");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_MOZILLAFIREFOX-090407.NASL
    descriptionThe Mozilla Firefox Browser was updated to the 3.0.8 release. It fixes several security issues : - Security researcher Nils reported via TippingPoint
    last seen2020-06-01
    modified2020-06-02
    plugin id41353
    published2009-09-24
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/41353
    titleSuSE 11 Security Update : MozillaFirefox (SAT Patch Number 747)
  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2009-084.NASL
    descriptionSecurity vulnerabilities have been discovered in previous versions, and corrected in the latest Mozilla Firefox 3.x, version 3.0.8 (CVE-2009-1044, CVE-2009-1169). This update provides the latest Mozilla Firefox 3.x to correct these issues. Additionally, some packages requiring it have also been rebuilt and are being provided as updates.
    last seen2020-06-01
    modified2020-06-02
    plugin id37253
    published2009-04-23
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/37253
    titleMandriva Linux Security Advisory : firefox (MDVSA-2009:084)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2009-3100.NASL
    descriptionA memory corruption flaw was discovered in the way Firefox handles XML files containing an XSLT transform. A remote attacker could use this flaw to crash Firefox or, potentially, execute arbitrary code as the user running Firefox. (CVE-2009-1169) A flaw was discovered in the way Firefox handles certain XUL garbage collection events. A remote attacker could use this flaw to crash Firefox or, potentially, execute arbitrary code as the user running Firefox. (CVE-2009-1044) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id37824
    published2009-04-23
    reporterThis script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/37824
    titleFedora 10 : Miro-2.0.3-2.fc10 / blam-1.8.5-8.fc10 / devhelp-0.22-6.fc10 / epiphany-2.24.3-4.fc10 / etc (2009-3100)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2009-0398.NASL
    descriptionUpdated SeaMonkey packages that fix two security issues are now available for Red Hat Enterprise Linux 2.1, 3, and 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. SeaMonkey is an open source Web browser, email and newsgroup client, IRC chat client, and HTML editor. A memory corruption flaw was discovered in the way SeaMonkey handles XML files containing an XSLT transform. A remote attacker could use this flaw to crash SeaMonkey or, potentially, execute arbitrary code as the user running SeaMonkey. (CVE-2009-1169) A flaw was discovered in the way SeaMonkey handles certain XUL garbage collection events. A remote attacker could use this flaw to crash SeaMonkey or, potentially, execute arbitrary code as the user running SeaMonkey. (CVE-2009-1044) All SeaMonkey users should upgrade to these updated packages, which correct these issues. After installing the update, SeaMonkey must be restarted for the changes to take effect.
    last seen2020-06-01
    modified2020-06-02
    plugin id36044
    published2009-03-30
    reporterThis script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/36044
    titleRHEL 2.1 / 3 / 4 : seamonkey (RHSA-2009:0398)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2009-0398.NASL
    descriptionFrom Red Hat Security Advisory 2009:0398 : Updated SeaMonkey packages that fix two security issues are now available for Red Hat Enterprise Linux 2.1, 3, and 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. SeaMonkey is an open source Web browser, email and newsgroup client, IRC chat client, and HTML editor. A memory corruption flaw was discovered in the way SeaMonkey handles XML files containing an XSLT transform. A remote attacker could use this flaw to crash SeaMonkey or, potentially, execute arbitrary code as the user running SeaMonkey. (CVE-2009-1169) A flaw was discovered in the way SeaMonkey handles certain XUL garbage collection events. A remote attacker could use this flaw to crash SeaMonkey or, potentially, execute arbitrary code as the user running SeaMonkey. (CVE-2009-1044) All SeaMonkey users should upgrade to these updated packages, which correct these issues. After installing the update, SeaMonkey must be restarted for the changes to take effect.
    last seen2020-06-01
    modified2020-06-02
    plugin id67834
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/67834
    titleOracle Linux 3 / 4 : seamonkey (ELSA-2009-0398)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2009-3101.NASL
    descriptionhttp://www.mozilla.org/security/known-vulnerabilities/seamonkey11.html Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id36054
    published2009-03-31
    reporterThis script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/36054
    titleFedora 9 : seamonkey-1.1.15-3.fc9 (2009-3101)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2009-0397.NASL
    descriptionUpdated firefox packages that fix two security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. Mozilla Firefox is an open source Web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A memory corruption flaw was discovered in the way Firefox handles XML files containing an XSLT transform. A remote attacker could use this flaw to crash Firefox or, potentially, execute arbitrary code as the user running Firefox. (CVE-2009-1169) A flaw was discovered in the way Firefox handles certain XUL garbage collection events. A remote attacker could use this flaw to crash Firefox or, potentially, execute arbitrary code as the user running Firefox. (CVE-2009-1044) For technical details regarding these flaws, refer to the Mozilla security advisories. You can find a link to the Mozilla advisories in the References section of this errata. Firefox users should upgrade to these updated packages, which resolve these issues. For Red Hat Enterprise Linux 4, they contain backported patches to the firefox package. For Red Hat Enterprise Linux 5, they contain backported patches to the xulrunner packages. After installing the update, Firefox must be restarted for the changes to take effect.
    last seen2020-06-01
    modified2020-06-02
    plugin id36043
    published2009-03-30
    reporterThis script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/36043
    titleRHEL 4 / 5 : firefox (RHSA-2009:0397)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-745-1.NASL
    descriptionIt was discovered that Firefox did not properly perform XUL garbage collection. If a user were tricked into viewing a malicious website, a remote attacker could cause a denial of service or execute arbitrary code with the privileges of the user invoking the program. This issue only affected Ubuntu 8.04 LTS and 8.10. (CVE-2009-1044) A flaw was discovered in the way Firefox performed XSLT transformations. If a user were tricked into opening a crafted XSL stylesheet, an attacker could cause a denial of service or execute arbitrary code with the privileges of the user invoking the program. (CVE-2009-1169). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id38148
    published2009-04-23
    reporterUbuntu Security Notice (C) 2009-2019 Canonical, Inc. / NASL script (C) 2009-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/38148
    titleUbuntu 6.06 LTS / 7.10 / 8.04 LTS / 8.10 : firefox, firefox-3.0, xulrunner-1.9 vulnerabilities (USN-745-1)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2009-0397.NASL
    descriptionFrom Red Hat Security Advisory 2009:0397 : Updated firefox packages that fix two security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. Mozilla Firefox is an open source Web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A memory corruption flaw was discovered in the way Firefox handles XML files containing an XSLT transform. A remote attacker could use this flaw to crash Firefox or, potentially, execute arbitrary code as the user running Firefox. (CVE-2009-1169) A flaw was discovered in the way Firefox handles certain XUL garbage collection events. A remote attacker could use this flaw to crash Firefox or, potentially, execute arbitrary code as the user running Firefox. (CVE-2009-1044) For technical details regarding these flaws, refer to the Mozilla security advisories. You can find a link to the Mozilla advisories in the References section of this errata. Firefox users should upgrade to these updated packages, which resolve these issues. For Red Hat Enterprise Linux 4, they contain backported patches to the firefox package. For Red Hat Enterprise Linux 5, they contain backported patches to the xulrunner packages. After installing the update, Firefox must be restarted for the changes to take effect.
    last seen2020-06-01
    modified2020-06-02
    plugin id67833
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/67833
    titleOracle Linux 4 / 5 : firefox (ELSA-2009-0397)
  • NASL familyWindows
    NASL idMOZILLA_FIREFOX_308.NASL
    descriptionThe installed version of Firefox is earlier than 3.0.8. Such versions are potentially affected by the following security issues : - An XSL transformation vulnerability can be leveraged with a specially crafted stylesheet to crash the browser or to execute arbitrary code. (MFSA 2009-12) - An error in the XUL tree method
    last seen2020-06-01
    modified2020-06-02
    plugin id36045
    published2009-03-30
    reporterThis script is Copyright (C) 2009-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/36045
    titleFirefox < 3.0.8 Multiple Vulnerabilities
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-1756.NASL
    descriptionSeveral remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications, such as the Iceweasel web browser. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2009-1169 Security researcher Guido Landi discovered that a XSL stylesheet could be used to crash the browser during a XSL transformation. An attacker could potentially use this crash to run arbitrary code on a victim
    last seen2020-06-01
    modified2020-06-02
    plugin id36066
    published2009-04-01
    reporterThis script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/36066
    titleDebian DSA-1756-1 : xulrunner - multiple vulnerabilities
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201301-01.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201301-01 (Mozilla Products: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Mozilla Firefox, Thunderbird, SeaMonkey, NSS, GNU IceCat, and XULRunner. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could entice a user to view a specially crafted web page or email, possibly resulting in execution of arbitrary code or a Denial of Service condition. Furthermore, a remote attacker may be able to perform Man-in-the-Middle attacks, obtain sensitive information, bypass restrictions and protection mechanisms, force file downloads, conduct XML injection attacks, conduct XSS attacks, bypass the Same Origin Policy, spoof URL&rsquo;s for phishing attacks, trigger a vertical scroll, spoof the location bar, spoof an SSL indicator, modify the browser&rsquo;s font, conduct clickjacking attacks, or have other unspecified impact. A local attacker could gain escalated privileges, obtain sensitive information, or replace an arbitrary downloaded file. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id63402
    published2013-01-08
    reporterThis script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/63402
    titleGLSA-201301-01 : Mozilla Products: Multiple vulnerabilities (BEAST)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_1_MOZILLAFIREFOX-090407.NASL
    descriptionThe Mozilla Firefox Browser was updated to the 3.0.8 release. It fixes several security issues : MFSA 2009-13 / CVE-2009-1044: Security researcher Nils reported via TippingPoint
    last seen2020-06-01
    modified2020-06-02
    plugin id40171
    published2009-07-21
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/40171
    titleopenSUSE Security Update : MozillaFirefox (MozillaFirefox-745)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_0_MOZILLAFIREFOX-090407.NASL
    descriptionThe Mozilla Firefox Browser was updated to the 3.0.8 release. It fixes several security issues : MFSA 2009-13 / CVE-2009-1044: Security researcher Nils reported via TippingPoint
    last seen2020-06-01
    modified2020-06-02
    plugin id39888
    published2009-07-21
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/39888
    titleopenSUSE Security Update : MozillaFirefox (MozillaFirefox-745)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2009-0398.NASL
    descriptionUpdated SeaMonkey packages that fix two security issues are now available for Red Hat Enterprise Linux 2.1, 3, and 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. SeaMonkey is an open source Web browser, email and newsgroup client, IRC chat client, and HTML editor. A memory corruption flaw was discovered in the way SeaMonkey handles XML files containing an XSLT transform. A remote attacker could use this flaw to crash SeaMonkey or, potentially, execute arbitrary code as the user running SeaMonkey. (CVE-2009-1169) A flaw was discovered in the way SeaMonkey handles certain XUL garbage collection events. A remote attacker could use this flaw to crash SeaMonkey or, potentially, execute arbitrary code as the user running SeaMonkey. (CVE-2009-1044) All SeaMonkey users should upgrade to these updated packages, which correct these issues. After installing the update, SeaMonkey must be restarted for the changes to take effect.
    last seen2020-06-01
    modified2020-06-02
    plugin id36039
    published2009-03-30
    reporterThis script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/36039
    titleCentOS 3 : seamonkey (CESA-2009:0398)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2009-0397.NASL
    descriptionUpdated firefox packages that fix two security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. Mozilla Firefox is an open source Web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A memory corruption flaw was discovered in the way Firefox handles XML files containing an XSLT transform. A remote attacker could use this flaw to crash Firefox or, potentially, execute arbitrary code as the user running Firefox. (CVE-2009-1169) A flaw was discovered in the way Firefox handles certain XUL garbage collection events. A remote attacker could use this flaw to crash Firefox or, potentially, execute arbitrary code as the user running Firefox. (CVE-2009-1044) For technical details regarding these flaws, refer to the Mozilla security advisories. You can find a link to the Mozilla advisories in the References section of this errata. Firefox users should upgrade to these updated packages, which resolve these issues. For Red Hat Enterprise Linux 4, they contain backported patches to the firefox package. For Red Hat Enterprise Linux 5, they contain backported patches to the xulrunner packages. After installing the update, Firefox must be restarted for the changes to take effect.
    last seen2020-06-01
    modified2020-06-02
    plugin id43737
    published2010-01-06
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/43737
    titleCentOS 4 / 5 : firefox (CESA-2009:0397)

Oval

accepted2013-04-29T04:13:33.381-04:00
classvulnerability
contributors
  • nameAharon Chernin
    organizationSCAP.com, LLC
  • nameDragos Prisaca
    organizationG2, Inc.
definition_extensions
  • commentThe operating system installed on the system is Red Hat Enterprise Linux 3
    ovaloval:org.mitre.oval:def:11782
  • commentCentOS Linux 3.x
    ovaloval:org.mitre.oval:def:16651
  • commentThe operating system installed on the system is Red Hat Enterprise Linux 4
    ovaloval:org.mitre.oval:def:11831
  • commentCentOS Linux 4.x
    ovaloval:org.mitre.oval:def:16636
  • commentOracle Linux 4.x
    ovaloval:org.mitre.oval:def:15990
  • commentThe operating system installed on the system is Red Hat Enterprise Linux 5
    ovaloval:org.mitre.oval:def:11414
  • commentThe operating system installed on the system is CentOS Linux 5.x
    ovaloval:org.mitre.oval:def:15802
  • commentOracle Linux 5.x
    ovaloval:org.mitre.oval:def:15459
descriptionMozilla Firefox 3.0.7 on Windows 7 allows remote attackers to execute arbitrary code via unknown vectors related to the _moveToEdgeShift XUL tree method, which triggers garbage collection on objects that are still in use, as demonstrated by Nils during a PWN2OWN competition at CanSecWest 2009.
familyunix
idoval:org.mitre.oval:def:11368
statusaccepted
submitted2010-07-09T03:56:16-04:00
titleMozilla Firefox 3.0.7 on Windows 7 allows remote attackers to execute arbitrary code via unknown vectors related to the _moveToEdgeShift XUL tree method, which triggers garbage collection on objects that are still in use, as demonstrated by Nils during a PWN2OWN competition at CanSecWest 2009.
version27

Redhat

advisories
  • rhsa
    idRHSA-2009:0397
  • rhsa
    idRHSA-2009:0398
rpms
  • firefox-0:3.0.7-3.el4
  • firefox-debuginfo-0:3.0.7-3.el4
  • xulrunner-0:1.9.0.7-3.el5
  • xulrunner-debuginfo-0:1.9.0.7-3.el5
  • xulrunner-devel-0:1.9.0.7-3.el5
  • xulrunner-devel-unstable-0:1.9.0.7-3.el5
  • seamonkey-0:1.0.9-0.32.el2
  • seamonkey-0:1.0.9-0.36.el3
  • seamonkey-0:1.0.9-40.el4
  • seamonkey-chat-0:1.0.9-0.32.el2
  • seamonkey-chat-0:1.0.9-0.36.el3
  • seamonkey-chat-0:1.0.9-40.el4
  • seamonkey-debuginfo-0:1.0.9-0.36.el3
  • seamonkey-debuginfo-0:1.0.9-40.el4
  • seamonkey-devel-0:1.0.9-0.32.el2
  • seamonkey-devel-0:1.0.9-0.36.el3
  • seamonkey-devel-0:1.0.9-40.el4
  • seamonkey-dom-inspector-0:1.0.9-0.32.el2
  • seamonkey-dom-inspector-0:1.0.9-0.36.el3
  • seamonkey-dom-inspector-0:1.0.9-40.el4
  • seamonkey-js-debugger-0:1.0.9-0.32.el2
  • seamonkey-js-debugger-0:1.0.9-0.36.el3
  • seamonkey-js-debugger-0:1.0.9-40.el4
  • seamonkey-mail-0:1.0.9-0.32.el2
  • seamonkey-mail-0:1.0.9-0.36.el3
  • seamonkey-mail-0:1.0.9-40.el4
  • seamonkey-nspr-0:1.0.9-0.32.el2
  • seamonkey-nspr-0:1.0.9-0.36.el3
  • seamonkey-nspr-devel-0:1.0.9-0.32.el2
  • seamonkey-nspr-devel-0:1.0.9-0.36.el3
  • seamonkey-nss-0:1.0.9-0.32.el2
  • seamonkey-nss-0:1.0.9-0.36.el3
  • seamonkey-nss-devel-0:1.0.9-0.32.el2
  • seamonkey-nss-devel-0:1.0.9-0.36.el3

Seebug

  • bulletinFamilyexploit
    descriptionBUGTRAQ ID: 34181 CVE(CAN) ID: CVE-2009-1044 Firefox是一款非常流行的开放源码WEB浏览器。 Firefox中XUL树方式_moveToEdgeShift在某些情况下可能会对仍在使用的对象触发垃圾收集例程,之后浏览器在试图访问之前已被释放的对象时会崩溃。攻击者可以利用这种崩溃在用户机器上执行任意指令。 Mozilla Firefox &lt; 3.0.8 Debian ------ Debian已经为此发布了一个安全公告(DSA-1756-1)以及相应补丁: DSA-1756-1:New xulrunner packages fix multiple vulnerabilities 链接:<a href=http://www.debian.org/security/2009/dsa-1756 target=_blank rel=external nofollow>http://www.debian.org/security/2009/dsa-1756</a> 补丁下载: Source archives: <a href=http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.9.0.7-0lenny2.dsc target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.9.0.7-0lenny2.dsc</a> Size/MD5 checksum: 1777 be107e8cce28d09395d6c2b0e2880e0b <a href=http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.9.0.7.orig.tar.gz target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.9.0.7.orig.tar.gz</a> Size/MD5 checksum: 43683292 f49b66c10e021debdfd9cd3705847d9b <a href=http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.9.0.7-0lenny2.diff.gz target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.9.0.7-0lenny2.diff.gz</a> Size/MD5 checksum: 115665 4886b961a24c13d9017e8f261b7a4ad4 Architecture independent packages: <a href=http://security.debian.org/pool/updates/main/x/xulrunner/libmozillainterfaces-java_1.9.0.7-0lenny2_all.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/libmozillainterfaces-java_1.9.0.7-0lenny2_all.deb</a> Size/MD5 checksum: 1480030 c12b4d6d534c0f12ec8e19760ca52a9b amd64 architecture (AMD x86_64 (AMD64)) <a href=http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.7-0lenny2_amd64.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.7-0lenny2_amd64.deb</a> Size/MD5 checksum: 69048 cbcfc3f9addacdd2a6641980876910f1 <a href=http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.7-0lenny2_amd64.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.7-0lenny2_amd64.deb</a> Size/MD5 checksum: 7725982 c5075bc0634cb5b2cfc8b64649f9511e <a href=http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.7-0lenny2_amd64.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.7-0lenny2_amd64.deb</a> Size/MD5 checksum: 3587626 1ce3de601c764c9bfb0c3998566f2baa <a href=http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.7-0lenny2_amd64.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.7-0lenny2_amd64.deb</a> Size/MD5 checksum: 887434 d373f8ed294bc6184a188bc820e04d6b <a href=http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.7-0lenny2_amd64.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.7-0lenny2_amd64.deb</a> Size/MD5 checksum: 220394 8ac87390e12115281d335b8773fb5733 <a href=http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.7-0lenny2_amd64.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.7-0lenny2_amd64.deb</a> Size/MD5 checksum: 152152 76761d21f53d017af1ff349e528664ea <a href=http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.7-0lenny2_amd64.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.7-0lenny2_amd64.deb</a> Size/MD5 checksum: 372048 ba88e43241ab33621169f2e352bdf634 <a href=http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.7-0lenny2_amd64.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.7-0lenny2_amd64.deb</a> Size/MD5 checksum: 50084206 d44a3028e5049f2b8051a5f6ed632fe6 <a href=http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.7-0lenny2_amd64.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.7-0lenny2_amd64.deb</a> Size/MD5 checksum: 100434 d20e7c595e15ca0831d62d13d19c9d25 arm architecture (ARM) <a href=http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.7-0lenny2_arm.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.7-0lenny2_arm.deb</a> Size/MD5 checksum: 814182 2fe30b4c614a8dad20d6daa5e8156193 <a href=http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.7-0lenny2_arm.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.7-0lenny2_arm.deb</a> Size/MD5 checksum: 83324 b2b5e1e0850ceb17bf60471435a751f8 <a href=http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.7-0lenny2_arm.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.7-0lenny2_arm.deb</a> Size/MD5 checksum: 6786494 017302b5a56bdd55d3d1ffe18bd61832 <a href=http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.7-0lenny2_arm.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.7-0lenny2_arm.deb</a> Size/MD5 checksum: 49032638 2343b97ac1a895a00c65d7c7d4854bf3 <a href=http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.7-0lenny2_arm.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.7-0lenny2_arm.deb</a> Size/MD5 checksum: 67078 5891e17e7a7abe4b9b3ff3b06d1c5bf8 <a href=http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.7-0lenny2_arm.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.7-0lenny2_arm.deb</a> Size/MD5 checksum: 348306 7cacc5c36e3139afa7e93cce23e55bdc <a href=http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.7-0lenny2_arm.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.7-0lenny2_arm.deb</a> Size/MD5 checksum: 141074 ddfcdb101f24b626caede43f36667ebb <a href=http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.7-0lenny2_arm.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.7-0lenny2_arm.deb</a> Size/MD5 checksum: 222552 099c35e0a9fc845e12d97e05dc5cefbe <a href=http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.7-0lenny2_arm.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.7-0lenny2_arm.deb</a> Size/MD5 checksum: 3577622 a45883aa5a860e9ceaccd1507b1e2b4d hppa architecture (HP PA RISC) <a href=http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.7-0lenny2_hppa.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.7-0lenny2_hppa.deb</a> Size/MD5 checksum: 106132 b21e7b60ef507b75d4e75cecf01507b4 <a href=http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.7-0lenny2_hppa.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.7-0lenny2_hppa.deb</a> Size/MD5 checksum: 409632 8ad83b2450a8224287708d08fb0e3349 <a href=http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.7-0lenny2_hppa.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.7-0lenny2_hppa.deb</a> Size/MD5 checksum: 222406 cc644de6ffb2987c4d3290760d851c3f <a href=http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.7-0lenny2_hppa.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.7-0lenny2_hppa.deb</a> Size/MD5 checksum: 50959494 30e6201361ab450cce9c1ae5767b7d00 <a href=http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.7-0lenny2_hppa.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.7-0lenny2_hppa.deb</a> Size/MD5 checksum: 900224 98b504ea16f93598810cff8dd753c7cc <a href=http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.7-0lenny2_hppa.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.7-0lenny2_hppa.deb</a> Size/MD5 checksum: 3625060 bb06476c2dfef959c573a67f910f500a <a href=http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.7-0lenny2_hppa.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.7-0lenny2_hppa.deb</a> Size/MD5 checksum: 71008 d61063712c37cfde51b3944f1dbd311f <a href=http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.7-0lenny2_hppa.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.7-0lenny2_hppa.deb</a> Size/MD5 checksum: 157864 c9b9587d5b0582b35a1ccff76445f13f <a href=http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.7-0lenny2_hppa.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.7-0lenny2_hppa.deb</a> Size/MD5 checksum: 9487824 ebcb840996d1d69d6836e6d1aec2f81d i386 architecture (Intel ia32) <a href=http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.7-0lenny2_i386.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.7-0lenny2_i386.deb</a> Size/MD5 checksum: 6581370 480961b3e126e36c1d4087df2c2fb6d9 <a href=http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.7-0lenny2_i386.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.7-0lenny2_i386.deb</a> Size/MD5 checksum: 141498 729642753ad2a51d17983b3583f740b6 <a href=http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.7-0lenny2_i386.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.7-0lenny2_i386.deb</a> Size/MD5 checksum: 3572938 f0bf3224b2c681417ba6dd8dcac5f96d <a href=http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.7-0lenny2_i386.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.7-0lenny2_i386.deb</a> Size/MD5 checksum: 846308 06e3b0690f2f3a868375f4d58a7b8614 <a href=http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.7-0lenny2_i386.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.7-0lenny2_i386.deb</a> Size/MD5 checksum: 348812 acc2f219abb68286432720315861ed53 <a href=http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.7-0lenny2_i386.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.7-0lenny2_i386.deb</a> Size/MD5 checksum: 82002 77b4ffe73322bf5ead4bc24ee3fc76d2 <a href=http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.7-0lenny2_i386.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.7-0lenny2_i386.deb</a> Size/MD5 checksum: 222556 85fee1ce9133cb7ab9ce99f62b70e447 <a href=http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.7-0lenny2_i386.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.7-0lenny2_i386.deb</a> Size/MD5 checksum: 67810 0eb6b02984351fa3bf02640d7ff1d4e6 <a href=http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.7-0lenny2_i386.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.7-0lenny2_i386.deb</a> Size/MD5 checksum: 49248242 64fb21f6c3a2411743222fc26e304b76 ia64 architecture (Intel ia64) <a href=http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.7-0lenny2_ia64.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.7-0lenny2_ia64.deb</a> Size/MD5 checksum: 49419026 7cb040fbbef113cd5c8a1c5c443df6fd <a href=http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.7-0lenny2_ia64.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.7-0lenny2_ia64.deb</a> Size/MD5 checksum: 179458 82249a7cb150fce22af5f5681d3164fe <a href=http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.7-0lenny2_ia64.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.7-0lenny2_ia64.deb</a> Size/MD5 checksum: 11270206 be3c0b80f22210fa2a53236cbde9ceb9 <a href=http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.7-0lenny2_ia64.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.7-0lenny2_ia64.deb</a> Size/MD5 checksum: 538492 e75c766e0666c1604805f8c4c97cc256 <a href=http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.7-0lenny2_ia64.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.7-0lenny2_ia64.deb</a> Size/MD5 checksum: 75446 94f2c55150101f7a5811c9429364bd1b <a href=http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.7-0lenny2_ia64.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.7-0lenny2_ia64.deb</a> Size/MD5 checksum: 222198 62ba8960b8326d21523dc7c76cc1f9d8 <a href=http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.7-0lenny2_ia64.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.7-0lenny2_ia64.deb</a> Size/MD5 checksum: 808982 3038817adea449b7715164cad73a5f16 <a href=http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.7-0lenny2_ia64.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.7-0lenny2_ia64.deb</a> Size/MD5 checksum: 3391518 26decf00e4fb05e3dbfc61c9dd933f5b <a href=http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.7-0lenny2_ia64.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.7-0lenny2_ia64.deb</a> Size/MD5 checksum: 120932 e3af6d0b86f8d21a9fbb43986a5c79b3 mips architecture (MIPS (Big Endian)) <a href=http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.7-0lenny2_mips.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.7-0lenny2_mips.deb</a> Size/MD5 checksum: 914808 749779b5620ceffb2845ac170699a866 <a href=http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.7-0lenny2_mips.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.7-0lenny2_mips.deb</a> Size/MD5 checksum: 221900 63c93f91cf4ee34e307bd06c5675c460 <a href=http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.7-0lenny2_mips.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.7-0lenny2_mips.deb</a> Size/MD5 checksum: 377372 1c527a4b63e3eb729124f54764261310 <a href=http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.7-0lenny2_mips.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.7-0lenny2_mips.deb</a> Size/MD5 checksum: 51596012 c6b8d6fed635039a75e553a59164b0de <a href=http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.7-0lenny2_mips.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.7-0lenny2_mips.deb</a> Size/MD5 checksum: 7652050 4464324acfeaf2019722f4bddc980a64 <a href=http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.7-0lenny2_mips.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.7-0lenny2_mips.deb</a> Size/MD5 checksum: 144160 3217dab8582a83c2e8db5ed0a2894c9a <a href=http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.7-0lenny2_mips.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.7-0lenny2_mips.deb</a> Size/MD5 checksum: 69328 7d17be8a925e42469ce3d46009eb0437 <a href=http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.7-0lenny2_mips.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.7-0lenny2_mips.deb</a> Size/MD5 checksum: 3607854 683f1204c14aa14f72927e2babf2afc2 <a href=http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.7-0lenny2_mips.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.7-0lenny2_mips.deb</a> Size/MD5 checksum: 96506 95148e457d3a554935ae2771553378d8 mipsel architecture (MIPS (Little Endian)) <a href=http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.7-0lenny2_mipsel.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.7-0lenny2_mipsel.deb</a> Size/MD5 checksum: 896502 7293da4f42af7c5faadaff3d00e024ad <a href=http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.7-0lenny2_mipsel.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.7-0lenny2_mipsel.deb</a> Size/MD5 checksum: 222202 8ab7c65e1b6e67481b885951bf7b06ee <a href=http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.7-0lenny2_mipsel.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.7-0lenny2_mipsel.deb</a> Size/MD5 checksum: 96170 02b28ff5c4af5b3c5ab241e6ada57895 <a href=http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.7-0lenny2_mipsel.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.7-0lenny2_mipsel.deb</a> Size/MD5 checksum: 144424 34f4f9236099f217f309dd3404cd32fc <a href=http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.7-0lenny2_mipsel.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.7-0lenny2_mipsel.deb</a> Size/MD5 checksum: 375064 c324513cb22e6bf942308fec5d6ffc44 <a href=http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.7-0lenny2_mipsel.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.7-0lenny2_mipsel.deb</a> Size/MD5 checksum: 3303026 c9f09e3ac15cea9522e16d7606832417 <a href=http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.7-0lenny2_mipsel.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.7-0lenny2_mipsel.deb</a> Size/MD5 checksum: 7359744 20955f26918492c6060f5196608cecca <a href=http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.7-0lenny2_mipsel.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.7-0lenny2_mipsel.deb</a> Size/MD5 checksum: 68948 e564d5ad298fa7f2eb43c3d142421b23 <a href=http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.7-0lenny2_mipsel.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.7-0lenny2_mipsel.deb</a> Size/MD5 checksum: 49718170 f305c87d9f9f0a4bb25c782fbca0e553 powerpc architecture (PowerPC) <a href=http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.7-0lenny2_powerpc.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.7-0lenny2_powerpc.deb</a> Size/MD5 checksum: 51145940 d4450ede3188d085537b34912a130fc8 <a href=http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.7-0lenny2_powerpc.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.7-0lenny2_powerpc.deb</a> Size/MD5 checksum: 222214 a193661cfee9a9baf937e51fa8927852 <a href=http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.7-0lenny2_powerpc.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.7-0lenny2_powerpc.deb</a> Size/MD5 checksum: 7259520 7a5a2eb42cf43a3859c886f6604e7bb0 <a href=http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.7-0lenny2_powerpc.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.7-0lenny2_powerpc.deb</a> Size/MD5 checksum: 94176 0f27b080d4ef6e907e97926d9bde09d8 <a href=http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.7-0lenny2_powerpc.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.7-0lenny2_powerpc.deb</a> Size/MD5 checksum: 151634 eb3b55bb033dd21e3a395b5455fed3a3 <a href=http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.7-0lenny2_powerpc.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.7-0lenny2_powerpc.deb</a> Size/MD5 checksum: 72114 856bcc9a079008a00f502c037f7e075b <a href=http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.7-0lenny2_powerpc.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.7-0lenny2_powerpc.deb</a> Size/MD5 checksum: 3278706 141fbb356a9b0ee7ddee52b32b250021 <a href=http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.7-0lenny2_powerpc.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.7-0lenny2_powerpc.deb</a> Size/MD5 checksum: 359602 e678dd18f6fac0aad286a5d455e6d84f <a href=http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.7-0lenny2_powerpc.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.7-0lenny2_powerpc.deb</a> Size/MD5 checksum: 885062 6682354b8d0e8f25e6897bcfee801579 s390 architecture (IBM S/390) <a href=http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.7-0lenny2_s390.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.7-0lenny2_s390.deb</a> Size/MD5 checksum: 50926930 5066e277c6bb2f1435cd92ba4c09dc8f <a href=http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.7-0lenny2_s390.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.7-0lenny2_s390.deb</a> Size/MD5 checksum: 222190 c62253da00b92ab339f524ef6d525767 <a href=http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.7-0lenny2_s390.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.7-0lenny2_s390.deb</a> Size/MD5 checksum: 404064 4f0c71caf3242ca9f1878ac6df71b414 <a href=http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.7-0lenny2_s390.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.7-0lenny2_s390.deb</a> Size/MD5 checksum: 104972 ecefd67cf04623d0bd9deb66645ece52 <a href=http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.7-0lenny2_s390.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.7-0lenny2_s390.deb</a> Size/MD5 checksum: 155536 33869ff68336fde0594bb45661f85c03 <a href=http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.7-0lenny2_s390.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.7-0lenny2_s390.deb</a> Size/MD5 checksum: 3300930 9cf7bde0ab1e0c507566a88fd2a6562f <a href=http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.7-0lenny2_s390.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.7-0lenny2_s390.deb</a> Size/MD5 checksum: 906248 a03086436351f5085905acd1d4084f40 <a href=http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.7-0lenny2_s390.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.7-0lenny2_s390.deb</a> Size/MD5 checksum: 8371150 b731e930186033123c928eeb52c186ba <a href=http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.7-0lenny2_s390.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.7-0lenny2_s390.deb</a> Size/MD5 checksum: 71936 426ddd3166525fdf235448bddcba413b sparc architecture (Sun SPARC/UltraSPARC) <a href=http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.7-0lenny2_sparc.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.7-0lenny2_sparc.deb</a> Size/MD5 checksum: 68258 8c14ad467b7a590f0262ad0636b7a90b <a href=http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.7-0lenny2_sparc.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.7-0lenny2_sparc.deb</a> Size/MD5 checksum: 87020 d7241f5f6ae1a92e9bfe819955c42b88 <a href=http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.7-0lenny2_sparc.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.7-0lenny2_sparc.deb</a> Size/MD5 checksum: 3571244 a50b84de8fe3f268e33882b5b325945d <a href=http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.7-0lenny2_sparc.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.7-0lenny2_sparc.deb</a> Size/MD5 checksum: 817342 554bd07b8f90071d36ac57c01c24b6a9 <a href=http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.7-0lenny2_sparc.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.7-0lenny2_sparc.deb</a> Size/MD5 checksum: 220812 1edcd284a1520e8fdfdf68f015dd2211 <a href=http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.7-0lenny2_sparc.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.7-0lenny2_sparc.deb</a> Size/MD5 checksum: 7152698 d33c5b929d5d98a02f0ce021b5bb1531 <a href=http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.7-0lenny2_sparc.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.7-0lenny2_sparc.deb</a> Size/MD5 checksum: 346378 e617288c62da4165ed5230adbc9d7890 <a href=http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.7-0lenny2_sparc.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.7-0lenny2_sparc.deb</a> Size/MD5 checksum: 141340 606be0ab05095515bbb3070d7543e1ca <a href=http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.7-0lenny2_sparc.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.7-0lenny2_sparc.deb</a> Size/MD5 checksum: 49112986 1c799dc5e9059379adadf2380bf5d0e2 补丁安装方法: 1. 手工安装补丁包: 首先,使用下面的命令来下载补丁软件: # wget url (url是补丁下载链接地址) 然后,使用下面的命令来安装补丁: # dpkg -i file.deb (file是相应的补丁名) 2. 使用apt-get自动安装补丁包: 首先,使用下面的命令更新内部数据库: # apt-get update 然后,使用下面的命令安装更新软件包: # apt-get upgrade Mozilla ------- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: <a href=http://www.mozilla.org/ target=_blank rel=external nofollow>http://www.mozilla.org/</a> RedHat ------ RedHat已经为此发布了一个安全公告(RHSA-2009:0397-01)以及相应补丁: RHSA-2009:0397-01:Critical: firefox security update 链接:<a href=https://www.redhat.com/support/errata/RHSA-2009-0397.html target=_blank rel=external nofollow>https://www.redhat.com/support/errata/RHSA-2009-0397.html</a>
    idSSV:4974
    last seen2017-11-19
    modified2009-04-01
    published2009-04-01
    reporterRoot
    titleFirefox _moveToEdgeShift方式远程代码执行漏洞
  • bulletinFamilyexploit
    descriptionBUGTRAQ ID: 34181 CVE ID:CVE-2009-1044 CNCVE ID:CNCVE-20091044 Mozilla Firefox是一款开放源码WEB浏览器。 Mozilla Firefox处理XUL树方法_moveToEdgeShift()存在缺陷,远程攻击者可以利用漏洞以应用程序上下文执行任意代码。 在部分情况下,XUL树方法_moveToEdgeShift()会在当前仍旧在使用的对象上执行垃圾收集例程,在这个情况下,当尝试访问之前破坏的对象时浏览器会崩溃,攻击者可以利用这个崩溃在目标用户系统上执行任意代码。 Mozilla Firefox < 3.0.8 升级到Mozilla Firefox 3.0.8版本 <a href=http://www.mozilla.com/en-US/ target=_blank rel=external nofollow>http://www.mozilla.com/en-US/</a>
    idSSV:4999
    last seen2017-11-19
    modified2009-04-04
    published2009-04-04
    reporterRoot
    sourcehttps://www.seebug.org/vuldb/ssvid-4999
    titleMozilla Firefox '_moveToEdgeShift' 远程代码执行漏洞

References