Synopsis: Critical: xulrunner security update Issue Date: 2012-02-16 CVE Numbers: CVE-2011-3026 XULRunner provides the XUL Runtime environment for applications using the Gecko layout engine. A heap-based buffer overflow flaw was found in the way XULRunner handled PNG (Portable Network Graphics) images. A web page containing a malicious PNG image could cause an application linked against XULRunner (such as Firefox) to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2011-3026) All XULRunner users should upgrade to these updated packages, which correct this issue. After installing the update, applications using XULRunner must be restarted for the changes to take effect. SL5: i386 xulrunner-1.9.2.26-2.el5_7.i386.rpm xulrunner-debuginfo-1.9.2.26-2.el5_7.i386.rpm xulrunner-devel-1.9.2.26-2.el5_7.i386.rpm x86_64 xulrunner-1.9.2.26-2.el5_7.i386.rpm xulrunner-1.9.2.26-2.el5_7.x86_64.rpm xulrunner-debuginfo-1.9.2.26-2.el5_7.i386.rpm xulrunner-debuginfo-1.9.2.26-2.el5_7.x86_64.rpm xulrunner-devel-1.9.2.26-2.el5_7.i386.rpm xulrunner-devel-1.9.2.26-2.el5_7.x86_64.rpm SL6: i386 xulrunner-1.9.2.26-2.el6_2.i686.rpm xulrunner-debuginfo-1.9.2.26-2.el6_2.i686.rpm xulrunner-devel-1.9.2.26-2.el6_2.i686.rpm x86_64 xulrunner-1.9.2.26-2.el6_2.i686.rpm xulrunner-1.9.2.26-2.el6_2.x86_64.rpm xulrunner-debuginfo-1.9.2.26-2.el6_2.i686.rpm xulrunner-debuginfo-1.9.2.26-2.el6_2.x86_64.rpm xulrunner-devel-1.9.2.26-2.el6_2.i686.rpm xulrunner-devel-1.9.2.26-2.el6_2.x86_64.rpm - Scientific Linux Development Team