Package: xulrunner Version: 1.9.1.5-1 Severity: important Tags: security Hi, the following CVE (Common Vulnerabilities & Exposures) id was published for xulrunner.
CVE-2009-2953[0]: | Mozilla Firefox 3.0.6 through 3.0.13, and 3.5.x, allows remote | attackers to cause a denial of service (CPU consumption) via | JavaScript code with a long string value for the hash property (aka | location.hash), a related issue to CVE-2008-5715. I've tested other xulrunner-derived browsers such as galeon and this proof-of-concept there as well (causes a crash). If you fix the vulnerability please also make sure to include the CVE id in your changelog entry. For further information see: [0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2953 http://security-tracker.debian.org/tracker/CVE-2009-2953 -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
