1. Home
  2. Security Advisories
  3. Red Hat
  4. RHSA-2012:1361

[RHSA-2012:1361] xulrunner security update

Severity Critical
Affected Packages 12
CVEs 1
Info Packages References Vulnerabilities

XULRunner provides the XUL Runtime environment for applications using the
Gecko layout engine.

A flaw was found in the way XULRunner handled security wrappers. A web page
containing malicious content could possibly cause an application linked
against XULRunner (such as Mozilla Firefox) to execute arbitrary code with
the privileges of the user running the application. (CVE-2012-4193)

For technical details regarding this flaw, refer to the Mozilla security
advisories. You can find a link to the Mozilla advisories in the References
section of this erratum.

Red Hat would like to thank the Mozilla project for reporting this issue.
Upstream acknowledges moz_bug_r_a4 as the original reporter.

All XULRunner users should upgrade to these updated packages, which correct
this issue. After installing the update, applications using XULRunner must
be restarted for the changes to take effect.

Package Affected Version
pkg:rpm/redhat/xulrunner?arch=x86_64&distro=redhat-6.3 < 10.0.8-2.el6_3
pkg:rpm/redhat/xulrunner?arch=s390x&distro=redhat-6.3 < 10.0.8-2.el6_3
pkg:rpm/redhat/xulrunner?arch=s390&distro=redhat-6.3 < 10.0.8-2.el6_3
pkg:rpm/redhat/xulrunner?arch=ppc64&distro=redhat-6.3 < 10.0.8-2.el6_3
pkg:rpm/redhat/xulrunner?arch=ppc&distro=redhat-6.3 < 10.0.8-2.el6_3
pkg:rpm/redhat/xulrunner?arch=i686&distro=redhat-6.3 < 10.0.8-2.el6_3
pkg:rpm/redhat/xulrunner-devel?arch=x86_64&distro=redhat-6.3 < 10.0.8-2.el6_3
pkg:rpm/redhat/xulrunner-devel?arch=s390x&distro=redhat-6.3 < 10.0.8-2.el6_3
pkg:rpm/redhat/xulrunner-devel?arch=s390&distro=redhat-6.3 < 10.0.8-2.el6_3
pkg:rpm/redhat/xulrunner-devel?arch=ppc64&distro=redhat-6.3 < 10.0.8-2.el6_3
pkg:rpm/redhat/xulrunner-devel?arch=ppc&distro=redhat-6.3 < 10.0.8-2.el6_3
pkg:rpm/redhat/xulrunner-devel?arch=i686&distro=redhat-6.3 < 10.0.8-2.el6_3
ID
RHSA-2012:1361
Severity
critical
URL
https://access.redhat.com/errata/RHSA-2012:1361
Published
2012-10-12T00:00:00
(12 years ago)
Modified
2012-10-12T00:00:00
(12 years ago)
Rights
Copyright 2012 Red Hat, Inc.
Other Advisories
Type Package URL Namespace Name / Product Version Distribution / Platform Arch Patch / Fix
Affected pkg:rpm/redhat/xulrunner?arch=x86_64&distro=redhat-6.3 redhat xulrunner < 10.0.8-2.el6_3 redhat-6.3 x86_64
Affected pkg:rpm/redhat/xulrunner?arch=s390x&distro=redhat-6.3 redhat xulrunner < 10.0.8-2.el6_3 redhat-6.3 s390x
Affected pkg:rpm/redhat/xulrunner?arch=s390&distro=redhat-6.3 redhat xulrunner < 10.0.8-2.el6_3 redhat-6.3 s390
Affected pkg:rpm/redhat/xulrunner?arch=ppc64&distro=redhat-6.3 redhat xulrunner < 10.0.8-2.el6_3 redhat-6.3 ppc64
Affected pkg:rpm/redhat/xulrunner?arch=ppc&distro=redhat-6.3 redhat xulrunner < 10.0.8-2.el6_3 redhat-6.3 ppc
Affected pkg:rpm/redhat/xulrunner?arch=i686&distro=redhat-6.3 redhat xulrunner < 10.0.8-2.el6_3 redhat-6.3 i686
Affected pkg:rpm/redhat/xulrunner-devel?arch=x86_64&distro=redhat-6.3 redhat xulrunner-devel < 10.0.8-2.el6_3 redhat-6.3 x86_64
Affected pkg:rpm/redhat/xulrunner-devel?arch=s390x&distro=redhat-6.3 redhat xulrunner-devel < 10.0.8-2.el6_3 redhat-6.3 s390x
Affected pkg:rpm/redhat/xulrunner-devel?arch=s390&distro=redhat-6.3 redhat xulrunner-devel < 10.0.8-2.el6_3 redhat-6.3 s390
Affected pkg:rpm/redhat/xulrunner-devel?arch=ppc64&distro=redhat-6.3 redhat xulrunner-devel < 10.0.8-2.el6_3 redhat-6.3 ppc64
Affected pkg:rpm/redhat/xulrunner-devel?arch=ppc&distro=redhat-6.3 redhat xulrunner-devel < 10.0.8-2.el6_3 redhat-6.3 ppc
Affected pkg:rpm/redhat/xulrunner-devel?arch=i686&distro=redhat-6.3 redhat xulrunner-devel < 10.0.8-2.el6_3 redhat-6.3 i686
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories Exploits PoC Pubblication Date Modification Date
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories PoC Pubblication Date Modification Date