- Home
- CVEs with nessus.description==Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications. The Common Vulnerabilities and Exposures project identifies the following problems :
- CVE-2007-1362 Nicolas Derouet discovered that Xulrunner performs insufficient validation of cookies, which could lead to denial of service.
- CVE-2007-2867 Boris Zbarsky, Eli Friedman, Georgi Guninski, Jesse Ruderman, Martijn Wargers and Olli Pettay discovered crashes in the layout engine, which might allow the execution of arbitrary code.
- CVE-2007-2868 Brendan Eich, Igor Bukanov, Jesse Ruderman, 'moz_bug_r_a4' and Wladimir Palant discovered crashes in the JavaScript engine, which might allow the execution of arbitrary code.
- CVE-2007-2869 'Marcel' discovered that malicious websites can cause massive resource consumption through the auto completion feature, resulting in denial of service.
- CVE-2007-2870 'moz_bug_r_a4' discovered that adding an event listener through theaddEventListener() function allows cross-site scripting.
- CVE-2007-2871 Chris Thomas discovered that XUL popups can be abused for spoofing or phishing attacks.
The oldstable distribution (sarge) doesn't include xulrunner.
Max CVSS | 0 |
Min CVSS | 0 |
Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |
Back to Top
Mark selected
Back to Top