Debian Security Advisory
DSA-2296-1 iceweasel -- several vulnerabilities
- Date Reported:
- 17 Aug 2011
- Affected Packages:
- iceweasel
- Vulnerable:
- Yes
- Security database references:
- In Mitre's CVE dictionary: CVE-2011-0084, CVE-2011-2378, CVE-2011-2981, CVE-2011-2982, CVE-2011-2983, CVE-2011-2984.
- More information:
-
Several vulnerabilities have been discovered in Iceweasel, a web browser based on Firefox. The included XULRunner library provides rendering services for several other applications included in Debian.
- CVE-2011-0084
regenrecht
discovered that incorrect pointer handling in the SVG processing code could lead to the execution of arbitrary code. - CVE-2011-2378
regenrecht
discovered that incorrect memory management in DOM processing could lead to the execution of arbitrary code. - CVE-2011-2981
moz_bug_r_a_4
discovered a Chrome privilege escalation vulnerability in the event handler code. - CVE-2011-2982
Gary Kwong, Igor Bukanov, Nils and Bob Clary discovered memory corruption bugs, which may lead to the execution of arbitrary code.
- CVE-2011-2983
shutdown
discovered an information leak in the handling of RegExp.input. - CVE-2011-2984
moz_bug_r_a4
discovered a Chrome privilege escalation vulnerability.
For the oldstable distribution (lenny), this problem has been fixed in version 1.9.0.19-13 of the xulrunner source package.
For the stable distribution (squeeze), this problem has been fixed in version 3.5.16-9.
For the unstable distribution (sid), this problem has been fixed in version 6.0-1
We recommend that you upgrade your iceweasel packages.
- CVE-2011-0084