Ubuntu Security Notice USN-1123-1

29th April, 2011

Multiple Xulrunner 1.9.1 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

• Ubuntu 9.10

Summary

Multiple xulrunner-1.9.1 vulnerabilities

Software description

• xulrunner-1.9.1 - XUL + XPCOM application runner

Details

A large number of security issues were discovered in the Gecko rendering
engine. If a user were tricked into viewing a malicious website, a remote
attacker could exploit a variety of issues related to web browser security,
including cross-site scripting attacks, denial of service attacks, and
arbitrary code execution.

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 9.10:

xulrunner-1.9.1 1.9.1.19+build2+nobinonly-0ubuntu0.9.10.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to restart any applications which
use Xulrunner to make all the necessary changes.

References

CVE-2010-1585, CVE-2010-3776, CVE-2010-3778, CVE-2011-0051, CVE-2011-0053, CVE-2011-0054, CVE-2011-0055, CVE-2011-0056, CVE-2011-0057, CVE-2011-0058, CVE-2011-0059, CVE-2011-0062, CVE-2011-0065, CVE-2011-0066, CVE-2011-0067, CVE-2011-0069, CVE-2011-0070, CVE-2011-0071, CVE-2011-0072, CVE-2011-0073, CVE-2011-0074, CVE-2011-0075, CVE-2011-0077, CVE-2011-0078, CVE-2011-0080, CVE-2011-1202