xulrunner-1.9.2.11-4.0.1.AXS3

エラータID: AXSA:2010-480:08

Release date: 
Wednesday, November 3, 2010 - 13:04
Subject: 
xulrunner-1.9.2.11-4.0.1.AXS3
Affected Channels: 
Asianux Server 3 for x86_64
Asianux Server 3 for x86
Severity: 
High
Description: 

XULRunner provides the XUL Runtime environment for Gecko applications.
Security issues fixed with this release:
CVE-2010-3765
Mozilla Firefox 3.5.x through 3.5.14 and 3.6.x through 3.6.11, when JavaScript is enabled, allows remote attackers to execute arbitrary code via vectors related to nsCSSFrameConstructor::ContentAppended, the appendChild method, incorrect index tracking, and the creation of multiple frames, which triggers memory corruption, as exploited in the wild in October 2010 by the Belmoo malware.

Solution: 

Update packages.

CVEs: 
CVE-2010-3765
Mozilla Firefox 3.5.x through 3.5.14 and 3.6.x through 3.6.11, Thunderbird 3.1.6 before 3.1.6 and 3.0.x before 3.0.10, and SeaMonkey 2.x before 2.0.10, when JavaScript is enabled, allows remote attackers to execute arbitrary code via vectors related to nsCSSFrameConstructor::ContentAppended, the appendChild method, incorrect index tracking, and the creation of multiple frames, which triggers memory corruption, as exploited in the wild in October 2010 by the Belmoo malware.


Additional Info: 

N/A

Download: 

SRPMS
  1. xulrunner-1.9.2.11-4.0.1.AXS3.src.rpm
    MD5: e411df1449c019f55557dc2b3f264096
    SHA-256: 96c7ce287d6f2975d06c90dfc024e641f75e2c28637cfd1d27d37dde678d6d51
    Size: 48.78 MB

Asianux Server 3 for x86
  1. xulrunner-1.9.2.11-4.0.1.AXS3.i386.rpm
    MD5: b74ff9ea779d0be2f2d8bfe5cda006d9
    SHA-256: 4dacd52d1a1f880b8287dde5d66ef522fa3329c201bb99634aea21e40bcabcdb
    Size: 11.57 MB

Asianux Server 3 for x86_64
  1. xulrunner-1.9.2.11-4.0.1.AXS3.x86_64.rpm
    MD5: 7384771a843df5494dd0b2253841f26f
    SHA-256: 096febe2e90d17b998626bcbb276018cc79b650c00af06d7512cc3723e99214b
    Size: 11.01 MB