Feb 6th 09 Friday Favourite
This week my favourite came in EARLY this morning. Its the Fedora update for xulrunner defined here:
http://secunia.com/Advisories/33841/
Fedora has issue an update for xulrunner. This fixes some vulnerabilities, which can be exploited by malicious, local users to potentially disclose sensitive information, and by malicious people to conduct cross-site scripting attacks, bypass certain security restrictions, disclose sensitive information, or potentially to compromise a user’s system.
and more information about other distributions and implementations here:
http://secunia.com/advisories/33799/
This is not specifically a local exploit as the Fedora advisory tries to lean towards. Multiple errors in the layout engine and javascript can be exploited to cause memory corruptions and potentially execute arbitrary code. Sounds like it could be done remotely if you ask me.
If I did not get this advisory in my mail this morning then I would have had to choose this one: http://www.securiteam.com/windowsntfocus/5PP010UQAK.html but I think that the xulrunner advisory is a better choice for this weeks Friday Favourite!
Add comment February 6th, 2009