Vulnerabilities > CVE-2009-1169 - Resource Management Errors vulnerability in Mozilla Firefox
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
The txMozillaXSLTProcessor::TransformToDoc function in Mozilla Firefox before 3.0.8 and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an XML file with a crafted XSLT transform. Per: http://www.securityfocus.com/bid/34235/info Mozilla Firefox is prone to a remote memory-corruption vulnerability. An attacker can exploit this issue to execute arbitrary code within the context of the affected browser. Failed exploit attempt will result in a denial-of-service condition.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Exploit-Db
| description | Mozilla Firefox XSL Parsing Remote Memory Corruption PoC 0day. CVE-2009-1169. Dos exploits for multiple platform |
| file | exploits/multiple/dos/8285.txt |
| id | EDB-ID:8285 |
| last seen | 2016-02-01 |
| modified | 2009-03-25 |
| platform | multiple |
| port | |
| published | 2009-03-25 |
| reporter | Guido Landi |
| source | https://www.exploit-db.com/download/8285/ |
| title | Mozilla Firefox XSL - Parsing Remote Memory Corruption PoC 0day |
| type | dos |
Nessus
NASL family Fedora Local Security Checks NASL id FEDORA_2009-3161.NASL description http://www.mozilla.org/security/known-vulnerabilities/seamonkey11.html Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 37911 published 2009-04-23 reporter This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/37911 title Fedora 10 : seamonkey-1.1.15-3.fc10 (2009-3161) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory 2009-3161. # include("compat.inc"); if (description) { script_id(37911); script_version ("1.16"); script_cvs_date("Date: 2019/08/02 13:32:29"); script_cve_id("CVE-2009-0352", "CVE-2009-0353", "CVE-2009-0357", "CVE-2009-0771", "CVE-2009-0772", "CVE-2009-0773", "CVE-2009-0774", "CVE-2009-0776", "CVE-2009-1044", "CVE-2009-1169"); script_xref(name:"FEDORA", value:"2009-3161"); script_name(english:"Fedora 10 : seamonkey-1.1.15-3.fc10 (2009-3161)"); script_summary(english:"Checks rpm output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: "http://www.mozilla.org/security/known-vulnerabilities/seamonkey11.html Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); # http://www.mozilla.org/security/known-vulnerabilities/seamonkey11.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?e868d512" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=483139" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=483141" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=483145" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=488272" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=488273" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=488276" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=488283" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=488290" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=492211" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=492212" ); # https://lists.fedoraproject.org/pipermail/package-announce/2009-March/021891.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?6122edd3" ); script_set_attribute( attribute:"solution", value:"Update the affected seamonkey package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_cwe_id(200, 264, 399); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:seamonkey"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:10"); script_set_attribute(attribute:"patch_publication_date", value:"2009/03/30"); script_set_attribute(attribute:"plugin_publication_date", value:"2009/04/23"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! ereg(pattern:"^10([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 10.x", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC10", reference:"seamonkey-1.1.15-3.fc10")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "seamonkey"); }NASL family SuSE Local Security Checks NASL id SUSE_MOZILLAFIREFOX-6187.NASL description The Mozilla Firefox Browser was refreshed to the current MOZILLA_1_8 branch state around fix level 2.0.0.22. Security issues identified as being fixed are: MFSA 2009-01 / CVE-2009-0352 / CVE-2009-0353: Mozilla developers identified and fixed several stability bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these crashes showed evidence of memory corruption under certain circumstances and we presume that with enough effort at least some of these could be exploited to run arbitrary code. - Mozilla developers identified and fixed several stability bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these crashes showed evidence of memory corruption under certain circumstances and we presume that with enough effort at least some of these could be exploited to run arbitrary code. (MFSA 2009-07 / CVE-2009-0772 / CVE-2009-0774) - Mozilla security researcher Georgi Guninski reported that a website could use nsIRDFService and a cross-domain redirect to steal arbitrary XML data from another domain, a violation of the same-origin policy. This vulnerability could be used by a malicious website to steal private data from users authenticated to the redirected website. (MFSA 2009-09 / CVE-2009-0776) - Google security researcher Tavis Ormandy reported several memory safety hazards to the libpng project, an external library used by Mozilla to render PNG images. These vulnerabilities could be used by a malicious website to crash a victim last seen 2020-06-01 modified 2020-06-02 plugin id 41467 published 2009-09-24 reporter This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/41467 title SuSE 10 Security Update : MozillaFirefox (ZYPP Patch Number 6187) NASL family Fedora Local Security Checks NASL id FEDORA_2009-3099.NASL description Mozilla Firefox is an open source Web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A memory corruption flaw was discovered in the way Firefox handles XML files containing an XSLT transform. A remote attacker could use this flaw to crash Firefox or, potentially, execute arbitrary code as the user running Firefox. (CVE-2009-1169) A flaw was discovered in the way Firefox handles certain XUL garbage collection events. A remote attacker could use this flaw to crash Firefox or, potentially, execute arbitrary code as the user running Firefox. (CVE-2009-1044) This update also provides depending packages rebuilt against new Firefox version. Miro updates to upstream 2.0.3. Provides new features and fixes various bugs in 1.2.x series Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 36041 published 2009-03-30 reporter This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/36041 title Fedora 9 : Miro-2.0.3-2.fc9 / blam-1.8.5-7.fc9.1 / chmsee-1.0.1-10.fc9 / devhelp-0.19.1-10.fc9 / etc (2009-3099) NASL family SuSE Local Security Checks NASL id SUSE_11_MOZILLAFIREFOX-090407.NASL description The Mozilla Firefox Browser was updated to the 3.0.8 release. It fixes several security issues : - Security researcher Nils reported via TippingPoint last seen 2020-06-01 modified 2020-06-02 plugin id 41353 published 2009-09-24 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/41353 title SuSE 11 Security Update : MozillaFirefox (SAT Patch Number 747) NASL family Mandriva Local Security Checks NASL id MANDRIVA_MDVSA-2009-084.NASL description Security vulnerabilities have been discovered in previous versions, and corrected in the latest Mozilla Firefox 3.x, version 3.0.8 (CVE-2009-1044, CVE-2009-1169). This update provides the latest Mozilla Firefox 3.x to correct these issues. Additionally, some packages requiring it have also been rebuilt and are being provided as updates. last seen 2020-06-01 modified 2020-06-02 plugin id 37253 published 2009-04-23 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/37253 title Mandriva Linux Security Advisory : firefox (MDVSA-2009:084) NASL family Fedora Local Security Checks NASL id FEDORA_2009-3100.NASL description A memory corruption flaw was discovered in the way Firefox handles XML files containing an XSLT transform. A remote attacker could use this flaw to crash Firefox or, potentially, execute arbitrary code as the user running Firefox. (CVE-2009-1169) A flaw was discovered in the way Firefox handles certain XUL garbage collection events. A remote attacker could use this flaw to crash Firefox or, potentially, execute arbitrary code as the user running Firefox. (CVE-2009-1044) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 37824 published 2009-04-23 reporter This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/37824 title Fedora 10 : Miro-2.0.3-2.fc10 / blam-1.8.5-8.fc10 / devhelp-0.22-6.fc10 / epiphany-2.24.3-4.fc10 / etc (2009-3100) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2009-0398.NASL description Updated SeaMonkey packages that fix two security issues are now available for Red Hat Enterprise Linux 2.1, 3, and 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. SeaMonkey is an open source Web browser, email and newsgroup client, IRC chat client, and HTML editor. A memory corruption flaw was discovered in the way SeaMonkey handles XML files containing an XSLT transform. A remote attacker could use this flaw to crash SeaMonkey or, potentially, execute arbitrary code as the user running SeaMonkey. (CVE-2009-1169) A flaw was discovered in the way SeaMonkey handles certain XUL garbage collection events. A remote attacker could use this flaw to crash SeaMonkey or, potentially, execute arbitrary code as the user running SeaMonkey. (CVE-2009-1044) All SeaMonkey users should upgrade to these updated packages, which correct these issues. After installing the update, SeaMonkey must be restarted for the changes to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 36044 published 2009-03-30 reporter This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/36044 title RHEL 2.1 / 3 / 4 : seamonkey (RHSA-2009:0398) NASL family SuSE Local Security Checks NASL id SUSE_11_0_SEAMONKEY-090617.NASL description The Mozilla SeaMonkey browser suite was updated to version 1.1.16, fixing various bugs and security issues : - Security update to 1.1.16 - MFSA 2009-12/CVE-2009-1169 (bmo#460090,485217) Crash and remote code execution in XSL transformation - MFSA 2009-14/CVE-2009-1303/CVE-2009-1305 Crashes with evidence of memory corruption (rv:1.9.0.9) - Security update to 1.1.15 - MFSA 2009-15/CVE-2009-0652 URL spoofing with box drawing character - MFSA 2009-07/CVE-2009-0771, CVE-2009-0772, CVE-2009-0773 CVE-2009-0774: Crashes with evidence of memory corruption (rv:1.9.0.7) - MFSA 2009-09/CVE-2009-0776: XML data theft via RDFXMLDataSource and cross-domain redirect - MFSA 2009-10/CVE-2009-0040: Upgrade PNG library to fix memory safety hazards - MFSA 2009-01/CVE-2009-0352 Crashes with evidence of memory corruption (rv:1.9.0.6) - MFSA 2009-05/CVE-2009-0357 XMLHttpRequest allows reading HTTPOnly cookies Please note that the java openjdk plugin might not work after installing this update. last seen 2020-06-01 modified 2020-06-02 plugin id 40133 published 2009-07-21 reporter This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/40133 title openSUSE Security Update : seamonkey (seamonkey-1014) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2009-0398.NASL description From Red Hat Security Advisory 2009:0398 : Updated SeaMonkey packages that fix two security issues are now available for Red Hat Enterprise Linux 2.1, 3, and 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. SeaMonkey is an open source Web browser, email and newsgroup client, IRC chat client, and HTML editor. A memory corruption flaw was discovered in the way SeaMonkey handles XML files containing an XSLT transform. A remote attacker could use this flaw to crash SeaMonkey or, potentially, execute arbitrary code as the user running SeaMonkey. (CVE-2009-1169) A flaw was discovered in the way SeaMonkey handles certain XUL garbage collection events. A remote attacker could use this flaw to crash SeaMonkey or, potentially, execute arbitrary code as the user running SeaMonkey. (CVE-2009-1044) All SeaMonkey users should upgrade to these updated packages, which correct these issues. After installing the update, SeaMonkey must be restarted for the changes to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 67834 published 2013-07-12 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/67834 title Oracle Linux 3 / 4 : seamonkey (ELSA-2009-0398) NASL family Fedora Local Security Checks NASL id FEDORA_2009-3101.NASL description http://www.mozilla.org/security/known-vulnerabilities/seamonkey11.html Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 36054 published 2009-03-31 reporter This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/36054 title Fedora 9 : seamonkey-1.1.15-3.fc9 (2009-3101) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2009-0397.NASL description Updated firefox packages that fix two security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. Mozilla Firefox is an open source Web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A memory corruption flaw was discovered in the way Firefox handles XML files containing an XSLT transform. A remote attacker could use this flaw to crash Firefox or, potentially, execute arbitrary code as the user running Firefox. (CVE-2009-1169) A flaw was discovered in the way Firefox handles certain XUL garbage collection events. A remote attacker could use this flaw to crash Firefox or, potentially, execute arbitrary code as the user running Firefox. (CVE-2009-1044) For technical details regarding these flaws, refer to the Mozilla security advisories. You can find a link to the Mozilla advisories in the References section of this errata. Firefox users should upgrade to these updated packages, which resolve these issues. For Red Hat Enterprise Linux 4, they contain backported patches to the firefox package. For Red Hat Enterprise Linux 5, they contain backported patches to the xulrunner packages. After installing the update, Firefox must be restarted for the changes to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 36043 published 2009-03-30 reporter This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/36043 title RHEL 4 / 5 : firefox (RHSA-2009:0397) NASL family SuSE Local Security Checks NASL id SUSE_SEAMONKEY-6310.NASL description The Mozilla SeaMonkey browser suite was updated to version 1.1.16, fixing various bugs and security issues : - Security update to 1.1.16 - MFSA 2009-12/CVE-2009-1169 (bmo#460090,485217) Crash and remote code execution in XSL transformation - MFSA 2009-14/CVE-2009-1303/CVE-2009-1305 Crashes with evidence of memory corruption (rv:1.9.0.9) - Security update to 1.1.15 - MFSA 2009-15/CVE-2009-0652 URL spoofing with box drawing character - MFSA 2009-07/CVE-2009-0771, CVE-2009-0772, CVE-2009-0773 CVE-2009-0774: Crashes with evidence of memory corruption (rv:1.9.0.7) - MFSA 2009-09/CVE-2009-0776: XML data theft via RDFXMLDataSource and cross-domain redirect - MFSA 2009-10/CVE-2009-0040: Upgrade PNG library to fix memory safety hazards - MFSA 2009-01/CVE-2009-0352 Crashes with evidence of memory corruption (rv:1.9.0.6) - MFSA 2009-05/CVE-2009-0357 XMLHttpRequest allows reading HTTPOnly cookies Please note that the java openjdk plugin might not work after installing this update. last seen 2020-06-01 modified 2020-06-02 plugin id 39462 published 2009-06-19 reporter This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/39462 title openSUSE 10 Security Update : seamonkey (seamonkey-6310) NASL family Windows NASL id SEAMONKEY_1116.NASL description The installed version of SeaMonkey is earlier than 1.1.16. Such versions are potentially affected by the following security issues : - An XSL transformation vulnerability can be leveraged with a specially crafted stylesheet to crash the browser or to execute arbitrary code. (MFSA 2009-12) - Multiple remote memory corruption vulnerabilities exist which can be exploited to execute arbitrary code in the context of the user running the affected application. (MFSA 2009-14) last seen 2020-06-01 modified 2020-06-02 plugin id 36130 published 2009-04-10 reporter This script is Copyright (C) 2009-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/36130 title SeaMonkey < 1.1.16 Multiple Vulnerabilities NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-745-1.NASL description It was discovered that Firefox did not properly perform XUL garbage collection. If a user were tricked into viewing a malicious website, a remote attacker could cause a denial of service or execute arbitrary code with the privileges of the user invoking the program. This issue only affected Ubuntu 8.04 LTS and 8.10. (CVE-2009-1044) A flaw was discovered in the way Firefox performed XSLT transformations. If a user were tricked into opening a crafted XSL stylesheet, an attacker could cause a denial of service or execute arbitrary code with the privileges of the user invoking the program. (CVE-2009-1169). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 38148 published 2009-04-23 reporter Ubuntu Security Notice (C) 2009-2019 Canonical, Inc. / NASL script (C) 2009-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/38148 title Ubuntu 6.06 LTS / 7.10 / 8.04 LTS / 8.10 : firefox, firefox-3.0, xulrunner-1.9 vulnerabilities (USN-745-1) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2009-0397.NASL description From Red Hat Security Advisory 2009:0397 : Updated firefox packages that fix two security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. Mozilla Firefox is an open source Web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A memory corruption flaw was discovered in the way Firefox handles XML files containing an XSLT transform. A remote attacker could use this flaw to crash Firefox or, potentially, execute arbitrary code as the user running Firefox. (CVE-2009-1169) A flaw was discovered in the way Firefox handles certain XUL garbage collection events. A remote attacker could use this flaw to crash Firefox or, potentially, execute arbitrary code as the user running Firefox. (CVE-2009-1044) For technical details regarding these flaws, refer to the Mozilla security advisories. You can find a link to the Mozilla advisories in the References section of this errata. Firefox users should upgrade to these updated packages, which resolve these issues. For Red Hat Enterprise Linux 4, they contain backported patches to the firefox package. For Red Hat Enterprise Linux 5, they contain backported patches to the xulrunner packages. After installing the update, Firefox must be restarted for the changes to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 67833 published 2013-07-12 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/67833 title Oracle Linux 4 / 5 : firefox (ELSA-2009-0397) NASL family Windows NASL id MOZILLA_FIREFOX_308.NASL description The installed version of Firefox is earlier than 3.0.8. Such versions are potentially affected by the following security issues : - An XSL transformation vulnerability can be leveraged with a specially crafted stylesheet to crash the browser or to execute arbitrary code. (MFSA 2009-12) - An error in the XUL tree method last seen 2020-06-01 modified 2020-06-02 plugin id 36045 published 2009-03-30 reporter This script is Copyright (C) 2009-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/36045 title Firefox < 3.0.8 Multiple Vulnerabilities NASL family Debian Local Security Checks NASL id DEBIAN_DSA-1756.NASL description Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications, such as the Iceweasel web browser. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2009-1169 Security researcher Guido Landi discovered that a XSL stylesheet could be used to crash the browser during a XSL transformation. An attacker could potentially use this crash to run arbitrary code on a victim last seen 2020-06-01 modified 2020-06-02 plugin id 36066 published 2009-04-01 reporter This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/36066 title Debian DSA-1756-1 : xulrunner - multiple vulnerabilities NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201301-01.NASL description The remote host is affected by the vulnerability described in GLSA-201301-01 (Mozilla Products: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Mozilla Firefox, Thunderbird, SeaMonkey, NSS, GNU IceCat, and XULRunner. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could entice a user to view a specially crafted web page or email, possibly resulting in execution of arbitrary code or a Denial of Service condition. Furthermore, a remote attacker may be able to perform Man-in-the-Middle attacks, obtain sensitive information, bypass restrictions and protection mechanisms, force file downloads, conduct XML injection attacks, conduct XSS attacks, bypass the Same Origin Policy, spoof URL’s for phishing attacks, trigger a vertical scroll, spoof the location bar, spoof an SSL indicator, modify the browser’s font, conduct clickjacking attacks, or have other unspecified impact. A local attacker could gain escalated privileges, obtain sensitive information, or replace an arbitrary downloaded file. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 63402 published 2013-01-08 reporter This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/63402 title GLSA-201301-01 : Mozilla Products: Multiple vulnerabilities (BEAST) NASL family SuSE Local Security Checks NASL id SUSE_11_1_SEAMONKEY-090617.NASL description The Mozilla SeaMonkey browser suite was updated to version 1.1.16, fixing various bugs and security issues : - Security update to 1.1.16 - MFSA 2009-12/CVE-2009-1169 (bmo#460090,485217) Crash and remote code execution in XSL transformation - MFSA 2009-14/CVE-2009-1303/CVE-2009-1305 Crashes with evidence of memory corruption (rv:1.9.0.9) - Security update to 1.1.15 - MFSA 2009-15/CVE-2009-0652 URL spoofing with box drawing character - MFSA 2009-07/CVE-2009-0771, CVE-2009-0772, CVE-2009-0773 CVE-2009-0774: Crashes with evidence of memory corruption (rv:1.9.0.7) - MFSA 2009-09/CVE-2009-0776: XML data theft via RDFXMLDataSource and cross-domain redirect - MFSA 2009-10/CVE-2009-0040: Upgrade PNG library to fix memory safety hazards - MFSA 2009-01/CVE-2009-0352 Crashes with evidence of memory corruption (rv:1.9.0.6) - MFSA 2009-05/CVE-2009-0357 XMLHttpRequest allows reading HTTPOnly cookies Please note that the java openjdk plugin might not work after installing this update. last seen 2020-06-01 modified 2020-06-02 plugin id 40309 published 2009-07-21 reporter This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/40309 title openSUSE Security Update : seamonkey (seamonkey-1014) NASL family SuSE Local Security Checks NASL id SUSE_MOZILLAFIREFOX-6194.NASL description The Mozilla Firefox Browser was refreshed to the current MOZILLA_1_8 branch state around fix level 2.0.0.22. Security issues identified as being fixed are: MFSA 2009-01 / CVE-2009-0352 / CVE-2009-0353: Mozilla developers identified and fixed several stability bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these crashes showed evidence of memory corruption under certain circumstances and we presume that with enough effort at least some of these could be exploited to run arbitrary code. MFSA 2009-07 / CVE-2009-0772 / CVE-2009-0774: Mozilla developers identified and fixed several stability bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these crashes showed evidence of memory corruption under certain circumstances and we presume that with enough effort at least some of these could be exploited to run arbitrary code. MFSA 2009-09 / CVE-2009-0776: Mozilla security researcher Georgi Guninski reported that a website could use nsIRDFService and a cross-domain redirect to steal arbitrary XML data from another domain, a violation of the same-origin policy. This vulnerability could be used by a malicious website to steal private data from users authenticated to the redirected website. MFSA 2009-10 / CVE-2009-0040: Google security researcher Tavis Ormandy reported several memory safety hazards to the libpng project, an external library used by Mozilla to render PNG images. These vulnerabilities could be used by a malicious website to crash a victim last seen 2020-06-01 modified 2020-06-02 plugin id 36199 published 2009-04-21 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/36199 title openSUSE 10 Security Update : MozillaFirefox (MozillaFirefox-6194) NASL family SuSE Local Security Checks NASL id SUSE_11_1_MOZILLAFIREFOX-090407.NASL description The Mozilla Firefox Browser was updated to the 3.0.8 release. It fixes several security issues : MFSA 2009-13 / CVE-2009-1044: Security researcher Nils reported via TippingPoint last seen 2020-06-01 modified 2020-06-02 plugin id 40171 published 2009-07-21 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/40171 title openSUSE Security Update : MozillaFirefox (MozillaFirefox-745) NASL family SuSE Local Security Checks NASL id SUSE_11_0_MOZILLAFIREFOX-090407.NASL description The Mozilla Firefox Browser was updated to the 3.0.8 release. It fixes several security issues : MFSA 2009-13 / CVE-2009-1044: Security researcher Nils reported via TippingPoint last seen 2020-06-01 modified 2020-06-02 plugin id 39888 published 2009-07-21 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/39888 title openSUSE Security Update : MozillaFirefox (MozillaFirefox-745) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2009-0398.NASL description Updated SeaMonkey packages that fix two security issues are now available for Red Hat Enterprise Linux 2.1, 3, and 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. SeaMonkey is an open source Web browser, email and newsgroup client, IRC chat client, and HTML editor. A memory corruption flaw was discovered in the way SeaMonkey handles XML files containing an XSLT transform. A remote attacker could use this flaw to crash SeaMonkey or, potentially, execute arbitrary code as the user running SeaMonkey. (CVE-2009-1169) A flaw was discovered in the way SeaMonkey handles certain XUL garbage collection events. A remote attacker could use this flaw to crash SeaMonkey or, potentially, execute arbitrary code as the user running SeaMonkey. (CVE-2009-1044) All SeaMonkey users should upgrade to these updated packages, which correct these issues. After installing the update, SeaMonkey must be restarted for the changes to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 36039 published 2009-03-30 reporter This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/36039 title CentOS 3 : seamonkey (CESA-2009:0398) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2009-0397.NASL description Updated firefox packages that fix two security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. Mozilla Firefox is an open source Web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A memory corruption flaw was discovered in the way Firefox handles XML files containing an XSLT transform. A remote attacker could use this flaw to crash Firefox or, potentially, execute arbitrary code as the user running Firefox. (CVE-2009-1169) A flaw was discovered in the way Firefox handles certain XUL garbage collection events. A remote attacker could use this flaw to crash Firefox or, potentially, execute arbitrary code as the user running Firefox. (CVE-2009-1044) For technical details regarding these flaws, refer to the Mozilla security advisories. You can find a link to the Mozilla advisories in the References section of this errata. Firefox users should upgrade to these updated packages, which resolve these issues. For Red Hat Enterprise Linux 4, they contain backported patches to the firefox package. For Red Hat Enterprise Linux 5, they contain backported patches to the xulrunner packages. After installing the update, Firefox must be restarted for the changes to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 43737 published 2010-01-06 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/43737 title CentOS 4 / 5 : firefox (CESA-2009:0397)
Oval
| accepted | 2013-04-29T04:13:35.069-04:00 | ||||||||||||||||||||||||||||||||
| class | vulnerability | ||||||||||||||||||||||||||||||||
| contributors |
| ||||||||||||||||||||||||||||||||
| definition_extensions |
| ||||||||||||||||||||||||||||||||
| description | The txMozillaXSLTProcessor::TransformToDoc function in Mozilla Firefox before 3.0.8 and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an XML file with a crafted XSLT transform. | ||||||||||||||||||||||||||||||||
| family | unix | ||||||||||||||||||||||||||||||||
| id | oval:org.mitre.oval:def:11372 | ||||||||||||||||||||||||||||||||
| status | accepted | ||||||||||||||||||||||||||||||||
| submitted | 2010-07-09T03:56:16-04:00 | ||||||||||||||||||||||||||||||||
| title | The txMozillaXSLTProcessor::TransformToDoc function in Mozilla Firefox before 3.0.8 and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an XML file with a crafted XSLT transform. | ||||||||||||||||||||||||||||||||
| version | 27 |
Redhat
| advisories |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| rpms |
|
Seebug
| bulletinFamily | exploit |
| description | BUGTRAQ ID: 34235 CVE(CAN) ID: CVE-2009-1169 Firefox是一款非常流行的开放源码WEB浏览器。 Firefox在转换XML文档时没有正确地处理出错情况,特制的XSLT代码可能导致将临时的被破坏栈变量处理为评估上下文对象。漏洞的起因是 evalContext是栈分配的,但在失败的情况下仍被txExecutionState对象引用,该对象的释放器之后又试图删除 evalContext。成功利用这个漏洞的攻击者可能导致浏览器崩溃或在用户机器上执行任意代码。 Mozilla Firefox < 3.0.8 Mozilla SeaMonkey < 1.1.16 厂商补丁: Debian ------ Debian已经为此发布了一个安全公告(DSA-1756-1)以及相应补丁: DSA-1756-1:New xulrunner packages fix multiple vulnerabilities 链接:<a href=http://www.debian.org/security/2009/dsa-1756 target=_blank rel=external nofollow>http://www.debian.org/security/2009/dsa-1756</a> 补丁下载: Source archives: <a href=http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.9.0.7-0lenny2.dsc target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.9.0.7-0lenny2.dsc</a> Size/MD5 checksum: 1777 be107e8cce28d09395d6c2b0e2880e0b <a href=http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.9.0.7.orig.tar.gz target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.9.0.7.orig.tar.gz</a> Size/MD5 checksum: 43683292 f49b66c10e021debdfd9cd3705847d9b <a href=http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.9.0.7-0lenny2.diff.gz target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.9.0.7-0lenny2.diff.gz</a> Size/MD5 checksum: 115665 4886b961a24c13d9017e8f261b7a4ad4 Architecture independent packages: <a href=http://security.debian.org/pool/updates/main/x/xulrunner/libmozillainterfaces-java_1.9.0.7-0lenny2_all.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/libmozillainterfaces-java_1.9.0.7-0lenny2_all.deb</a> Size/MD5 checksum: 1480030 c12b4d6d534c0f12ec8e19760ca52a9b amd64 architecture (AMD x86_64 (AMD64)) <a href=http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.7-0lenny2_amd64.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.7-0lenny2_amd64.deb</a> Size/MD5 checksum: 69048 cbcfc3f9addacdd2a6641980876910f1 <a href=http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.7-0lenny2_amd64.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.7-0lenny2_amd64.deb</a> Size/MD5 checksum: 7725982 c5075bc0634cb5b2cfc8b64649f9511e <a href=http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.7-0lenny2_amd64.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.7-0lenny2_amd64.deb</a> Size/MD5 checksum: 3587626 1ce3de601c764c9bfb0c3998566f2baa <a href=http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.7-0lenny2_amd64.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.7-0lenny2_amd64.deb</a> Size/MD5 checksum: 887434 d373f8ed294bc6184a188bc820e04d6b <a href=http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.7-0lenny2_amd64.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.7-0lenny2_amd64.deb</a> Size/MD5 checksum: 220394 8ac87390e12115281d335b8773fb5733 <a href=http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.7-0lenny2_amd64.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.7-0lenny2_amd64.deb</a> Size/MD5 checksum: 152152 76761d21f53d017af1ff349e528664ea <a href=http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.7-0lenny2_amd64.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.7-0lenny2_amd64.deb</a> Size/MD5 checksum: 372048 ba88e43241ab33621169f2e352bdf634 <a href=http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.7-0lenny2_amd64.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.7-0lenny2_amd64.deb</a> Size/MD5 checksum: 50084206 d44a3028e5049f2b8051a5f6ed632fe6 <a href=http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.7-0lenny2_amd64.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.7-0lenny2_amd64.deb</a> Size/MD5 checksum: 100434 d20e7c595e15ca0831d62d13d19c9d25 arm architecture (ARM) <a href=http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.7-0lenny2_arm.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.7-0lenny2_arm.deb</a> Size/MD5 checksum: 814182 2fe30b4c614a8dad20d6daa5e8156193 <a href=http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.7-0lenny2_arm.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.7-0lenny2_arm.deb</a> Size/MD5 checksum: 83324 b2b5e1e0850ceb17bf60471435a751f8 <a href=http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.7-0lenny2_arm.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.7-0lenny2_arm.deb</a> Size/MD5 checksum: 6786494 017302b5a56bdd55d3d1ffe18bd61832 <a href=http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.7-0lenny2_arm.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.7-0lenny2_arm.deb</a> Size/MD5 checksum: 49032638 2343b97ac1a895a00c65d7c7d4854bf3 <a href=http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.7-0lenny2_arm.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.7-0lenny2_arm.deb</a> Size/MD5 checksum: 67078 5891e17e7a7abe4b9b3ff3b06d1c5bf8 <a href=http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.7-0lenny2_arm.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.7-0lenny2_arm.deb</a> Size/MD5 checksum: 348306 7cacc5c36e3139afa7e93cce23e55bdc <a href=http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.7-0lenny2_arm.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.7-0lenny2_arm.deb</a> Size/MD5 checksum: 141074 ddfcdb101f24b626caede43f36667ebb <a href=http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.7-0lenny2_arm.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.7-0lenny2_arm.deb</a> Size/MD5 checksum: 222552 099c35e0a9fc845e12d97e05dc5cefbe <a href=http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.7-0lenny2_arm.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.7-0lenny2_arm.deb</a> Size/MD5 checksum: 3577622 a45883aa5a860e9ceaccd1507b1e2b4d hppa architecture (HP PA RISC) <a href=http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.7-0lenny2_hppa.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.7-0lenny2_hppa.deb</a> Size/MD5 checksum: 106132 b21e7b60ef507b75d4e75cecf01507b4 <a href=http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.7-0lenny2_hppa.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.7-0lenny2_hppa.deb</a> Size/MD5 checksum: 409632 8ad83b2450a8224287708d08fb0e3349 <a href=http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.7-0lenny2_hppa.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.7-0lenny2_hppa.deb</a> Size/MD5 checksum: 222406 cc644de6ffb2987c4d3290760d851c3f <a href=http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.7-0lenny2_hppa.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.7-0lenny2_hppa.deb</a> Size/MD5 checksum: 50959494 30e6201361ab450cce9c1ae5767b7d00 <a href=http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.7-0lenny2_hppa.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.7-0lenny2_hppa.deb</a> Size/MD5 checksum: 900224 98b504ea16f93598810cff8dd753c7cc <a href=http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.7-0lenny2_hppa.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.7-0lenny2_hppa.deb</a> Size/MD5 checksum: 3625060 bb06476c2dfef959c573a67f910f500a <a href=http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.7-0lenny2_hppa.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.7-0lenny2_hppa.deb</a> Size/MD5 checksum: 71008 d61063712c37cfde51b3944f1dbd311f <a href=http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.7-0lenny2_hppa.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.7-0lenny2_hppa.deb</a> Size/MD5 checksum: 157864 c9b9587d5b0582b35a1ccff76445f13f <a href=http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.7-0lenny2_hppa.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.7-0lenny2_hppa.deb</a> Size/MD5 checksum: 9487824 ebcb840996d1d69d6836e6d1aec2f81d i386 architecture (Intel ia32) <a href=http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.7-0lenny2_i386.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.7-0lenny2_i386.deb</a> Size/MD5 checksum: 6581370 480961b3e126e36c1d4087df2c2fb6d9 <a href=http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.7-0lenny2_i386.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.7-0lenny2_i386.deb</a> Size/MD5 checksum: 141498 729642753ad2a51d17983b3583f740b6 <a href=http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.7-0lenny2_i386.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.7-0lenny2_i386.deb</a> Size/MD5 checksum: 3572938 f0bf3224b2c681417ba6dd8dcac5f96d <a href=http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.7-0lenny2_i386.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.7-0lenny2_i386.deb</a> Size/MD5 checksum: 846308 06e3b0690f2f3a868375f4d58a7b8614 <a href=http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.7-0lenny2_i386.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.7-0lenny2_i386.deb</a> Size/MD5 checksum: 348812 acc2f219abb68286432720315861ed53 <a href=http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.7-0lenny2_i386.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.7-0lenny2_i386.deb</a> Size/MD5 checksum: 82002 77b4ffe73322bf5ead4bc24ee3fc76d2 <a href=http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.7-0lenny2_i386.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.7-0lenny2_i386.deb</a> Size/MD5 checksum: 222556 85fee1ce9133cb7ab9ce99f62b70e447 <a href=http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.7-0lenny2_i386.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.7-0lenny2_i386.deb</a> Size/MD5 checksum: 67810 0eb6b02984351fa3bf02640d7ff1d4e6 <a href=http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.7-0lenny2_i386.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.7-0lenny2_i386.deb</a> Size/MD5 checksum: 49248242 64fb21f6c3a2411743222fc26e304b76 ia64 architecture (Intel ia64) <a href=http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.7-0lenny2_ia64.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.7-0lenny2_ia64.deb</a> Size/MD5 checksum: 49419026 7cb040fbbef113cd5c8a1c5c443df6fd <a href=http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.7-0lenny2_ia64.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.7-0lenny2_ia64.deb</a> Size/MD5 checksum: 179458 82249a7cb150fce22af5f5681d3164fe <a href=http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.7-0lenny2_ia64.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.7-0lenny2_ia64.deb</a> Size/MD5 checksum: 11270206 be3c0b80f22210fa2a53236cbde9ceb9 <a href=http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.7-0lenny2_ia64.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.7-0lenny2_ia64.deb</a> Size/MD5 checksum: 538492 e75c766e0666c1604805f8c4c97cc256 <a href=http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.7-0lenny2_ia64.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.7-0lenny2_ia64.deb</a> Size/MD5 checksum: 75446 94f2c55150101f7a5811c9429364bd1b <a href=http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.7-0lenny2_ia64.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.7-0lenny2_ia64.deb</a> Size/MD5 checksum: 222198 62ba8960b8326d21523dc7c76cc1f9d8 <a href=http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.7-0lenny2_ia64.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.7-0lenny2_ia64.deb</a> Size/MD5 checksum: 808982 3038817adea449b7715164cad73a5f16 <a href=http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.7-0lenny2_ia64.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.7-0lenny2_ia64.deb</a> Size/MD5 checksum: 3391518 26decf00e4fb05e3dbfc61c9dd933f5b <a href=http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.7-0lenny2_ia64.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.7-0lenny2_ia64.deb</a> Size/MD5 checksum: 120932 e3af6d0b86f8d21a9fbb43986a5c79b3 mips architecture (MIPS (Big Endian)) <a href=http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.7-0lenny2_mips.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.7-0lenny2_mips.deb</a> Size/MD5 checksum: 914808 749779b5620ceffb2845ac170699a866 <a href=http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.7-0lenny2_mips.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.7-0lenny2_mips.deb</a> Size/MD5 checksum: 221900 63c93f91cf4ee34e307bd06c5675c460 <a href=http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.7-0lenny2_mips.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.7-0lenny2_mips.deb</a> Size/MD5 checksum: 377372 1c527a4b63e3eb729124f54764261310 <a href=http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.7-0lenny2_mips.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.7-0lenny2_mips.deb</a> Size/MD5 checksum: 51596012 c6b8d6fed635039a75e553a59164b0de <a href=http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.7-0lenny2_mips.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.7-0lenny2_mips.deb</a> Size/MD5 checksum: 7652050 4464324acfeaf2019722f4bddc980a64 <a href=http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.7-0lenny2_mips.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.7-0lenny2_mips.deb</a> Size/MD5 checksum: 144160 3217dab8582a83c2e8db5ed0a2894c9a <a href=http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.7-0lenny2_mips.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.7-0lenny2_mips.deb</a> Size/MD5 checksum: 69328 7d17be8a925e42469ce3d46009eb0437 <a href=http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.7-0lenny2_mips.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.7-0lenny2_mips.deb</a> Size/MD5 checksum: 3607854 683f1204c14aa14f72927e2babf2afc2 <a href=http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.7-0lenny2_mips.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.7-0lenny2_mips.deb</a> Size/MD5 checksum: 96506 95148e457d3a554935ae2771553378d8 mipsel architecture (MIPS (Little Endian)) <a href=http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.7-0lenny2_mipsel.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.7-0lenny2_mipsel.deb</a> Size/MD5 checksum: 896502 7293da4f42af7c5faadaff3d00e024ad <a href=http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.7-0lenny2_mipsel.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.7-0lenny2_mipsel.deb</a> Size/MD5 checksum: 222202 8ab7c65e1b6e67481b885951bf7b06ee <a href=http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.7-0lenny2_mipsel.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.7-0lenny2_mipsel.deb</a> Size/MD5 checksum: 96170 02b28ff5c4af5b3c5ab241e6ada57895 <a href=http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.7-0lenny2_mipsel.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.7-0lenny2_mipsel.deb</a> Size/MD5 checksum: 144424 34f4f9236099f217f309dd3404cd32fc <a href=http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.7-0lenny2_mipsel.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.7-0lenny2_mipsel.deb</a> Size/MD5 checksum: 375064 c324513cb22e6bf942308fec5d6ffc44 <a href=http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.7-0lenny2_mipsel.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.7-0lenny2_mipsel.deb</a> Size/MD5 checksum: 3303026 c9f09e3ac15cea9522e16d7606832417 <a href=http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.7-0lenny2_mipsel.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.7-0lenny2_mipsel.deb</a> Size/MD5 checksum: 7359744 20955f26918492c6060f5196608cecca <a href=http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.7-0lenny2_mipsel.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.7-0lenny2_mipsel.deb</a> Size/MD5 checksum: 68948 e564d5ad298fa7f2eb43c3d142421b23 <a href=http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.7-0lenny2_mipsel.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.7-0lenny2_mipsel.deb</a> Size/MD5 checksum: 49718170 f305c87d9f9f0a4bb25c782fbca0e553 powerpc architecture (PowerPC) <a href=http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.7-0lenny2_powerpc.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.7-0lenny2_powerpc.deb</a> Size/MD5 checksum: 51145940 d4450ede3188d085537b34912a130fc8 <a href=http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.7-0lenny2_powerpc.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.7-0lenny2_powerpc.deb</a> Size/MD5 checksum: 222214 a193661cfee9a9baf937e51fa8927852 <a href=http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.7-0lenny2_powerpc.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.7-0lenny2_powerpc.deb</a> Size/MD5 checksum: 7259520 7a5a2eb42cf43a3859c886f6604e7bb0 <a href=http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.7-0lenny2_powerpc.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.7-0lenny2_powerpc.deb</a> Size/MD5 checksum: 94176 0f27b080d4ef6e907e97926d9bde09d8 <a href=http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.7-0lenny2_powerpc.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.7-0lenny2_powerpc.deb</a> Size/MD5 checksum: 151634 eb3b55bb033dd21e3a395b5455fed3a3 <a href=http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.7-0lenny2_powerpc.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.7-0lenny2_powerpc.deb</a> Size/MD5 checksum: 72114 856bcc9a079008a00f502c037f7e075b <a href=http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.7-0lenny2_powerpc.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.7-0lenny2_powerpc.deb</a> Size/MD5 checksum: 3278706 141fbb356a9b0ee7ddee52b32b250021 <a href=http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.7-0lenny2_powerpc.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.7-0lenny2_powerpc.deb</a> Size/MD5 checksum: 359602 e678dd18f6fac0aad286a5d455e6d84f <a href=http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.7-0lenny2_powerpc.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.7-0lenny2_powerpc.deb</a> Size/MD5 checksum: 885062 6682354b8d0e8f25e6897bcfee801579 s390 architecture (IBM S/390) <a href=http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.7-0lenny2_s390.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.7-0lenny2_s390.deb</a> Size/MD5 checksum: 50926930 5066e277c6bb2f1435cd92ba4c09dc8f <a href=http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.7-0lenny2_s390.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.7-0lenny2_s390.deb</a> Size/MD5 checksum: 222190 c62253da00b92ab339f524ef6d525767 <a href=http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.7-0lenny2_s390.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.7-0lenny2_s390.deb</a> Size/MD5 checksum: 404064 4f0c71caf3242ca9f1878ac6df71b414 <a href=http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.7-0lenny2_s390.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.7-0lenny2_s390.deb</a> Size/MD5 checksum: 104972 ecefd67cf04623d0bd9deb66645ece52 <a href=http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.7-0lenny2_s390.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.7-0lenny2_s390.deb</a> Size/MD5 checksum: 155536 33869ff68336fde0594bb45661f85c03 <a href=http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.7-0lenny2_s390.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.7-0lenny2_s390.deb</a> Size/MD5 checksum: 3300930 9cf7bde0ab1e0c507566a88fd2a6562f <a href=http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.7-0lenny2_s390.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.7-0lenny2_s390.deb</a> Size/MD5 checksum: 906248 a03086436351f5085905acd1d4084f40 <a href=http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.7-0lenny2_s390.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.7-0lenny2_s390.deb</a> Size/MD5 checksum: 8371150 b731e930186033123c928eeb52c186ba <a href=http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.7-0lenny2_s390.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.7-0lenny2_s390.deb</a> Size/MD5 checksum: 71936 426ddd3166525fdf235448bddcba413b sparc architecture (Sun SPARC/UltraSPARC) <a href=http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.7-0lenny2_sparc.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.7-0lenny2_sparc.deb</a> Size/MD5 checksum: 68258 8c14ad467b7a590f0262ad0636b7a90b <a href=http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.7-0lenny2_sparc.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.7-0lenny2_sparc.deb</a> Size/MD5 checksum: 87020 d7241f5f6ae1a92e9bfe819955c42b88 <a href=http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.7-0lenny2_sparc.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.7-0lenny2_sparc.deb</a> Size/MD5 checksum: 3571244 a50b84de8fe3f268e33882b5b325945d <a href=http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.7-0lenny2_sparc.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.7-0lenny2_sparc.deb</a> Size/MD5 checksum: 817342 554bd07b8f90071d36ac57c01c24b6a9 <a href=http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.7-0lenny2_sparc.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.7-0lenny2_sparc.deb</a> Size/MD5 checksum: 220812 1edcd284a1520e8fdfdf68f015dd2211 <a href=http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.7-0lenny2_sparc.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.7-0lenny2_sparc.deb</a> Size/MD5 checksum: 7152698 d33c5b929d5d98a02f0ce021b5bb1531 <a href=http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.7-0lenny2_sparc.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.7-0lenny2_sparc.deb</a> Size/MD5 checksum: 346378 e617288c62da4165ed5230adbc9d7890 <a href=http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.7-0lenny2_sparc.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.7-0lenny2_sparc.deb</a> Size/MD5 checksum: 141340 606be0ab05095515bbb3070d7543e1ca <a href=http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.7-0lenny2_sparc.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.7-0lenny2_sparc.deb</a> Size/MD5 checksum: 49112986 1c799dc5e9059379adadf2380bf5d0e2 补丁安装方法: 1. 手工安装补丁包: 首先,使用下面的命令来下载补丁软件: # wget url (url是补丁下载链接地址) 然后,使用下面的命令来安装补丁: # dpkg -i file.deb (file是相应的补丁名) 2. 使用apt-get自动安装补丁包: 首先,使用下面的命令更新内部数据库: # apt-get update 然后,使用下面的命令安装更新软件包: # apt-get upgrade Mozilla ------- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: <a href=http://www.mozilla.org/ target=_blank rel=external nofollow>http://www.mozilla.org/</a> RedHat ------ RedHat已经为此发布了一个安全公告(RHSA-2009:0397-01)以及相应补丁: RHSA-2009:0397-01:Critical: firefox security update 链接:<a href=https://www.redhat.com/support/errata/RHSA-2009-0397.html target=_blank rel=external nofollow>https://www.redhat.com/support/errata/RHSA-2009-0397.html</a> |
| id | SSV:4973 |
| last seen | 2017-11-19 |
| modified | 2009-04-01 |
| published | 2009-04-01 |
| reporter | Root |
| source | https://www.seebug.org/vuldb/ssvid-4973 |
| title | Firefox XSL解析root XML标签内存破坏漏洞 |
References
- http://blogs.zdnet.com/security/?p=3013
- http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00008.html
- http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00009.html
- http://secunia.com/advisories/34471
- http://secunia.com/advisories/34486
- http://secunia.com/advisories/34505
- http://secunia.com/advisories/34510
- http://secunia.com/advisories/34511
- http://secunia.com/advisories/34521
- http://secunia.com/advisories/34527
- http://secunia.com/advisories/34549
- http://secunia.com/advisories/34550
- http://secunia.com/advisories/34792
- http://support.avaya.com/elmodocs2/security/ASA-2009-113.htm
- http://www.debian.org/security/2009/dsa-1756
- http://www.mandriva.com/security/advisories?name=MDVSA-2009:084
- http://www.mozilla.org/security/announce/2009/mfsa2009-12.html
- http://www.redhat.com/support/errata/RHSA-2009-0397.html
- http://www.redhat.com/support/errata/RHSA-2009-0398.html
- http://www.securityfocus.com/bid/34235
- http://www.securitytracker.com/id?1021939
- http://www.ubuntu.com/usn/usn-745-1
- http://www.vupen.com/english/advisories/2009/0853
- https://bugzilla.mozilla.org/show_bug.cgi?id=460090
- https://bugzilla.mozilla.org/show_bug.cgi?id=485217
- https://bugzilla.mozilla.org/show_bug.cgi?id=485286
- https://exchange.xforce.ibmcloud.com/vulnerabilities/49439
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11372
- https://www.exploit-db.com/exploits/8285
- https://www.redhat.com/archives/fedora-package-announce/2009-March/msg01023.html
- https://www.redhat.com/archives/fedora-package-announce/2009-March/msg01040.html
- https://www.redhat.com/archives/fedora-package-announce/2009-March/msg01077.html