[BSA-056] Security update for Iceweasel

2011-11-1114:05:42

lists.debian.org

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

EPSS

0.011

Percentile

84.3%

JSON

I uploaded new packages for icewease which fixed the following
security problems:

CVE-2011-3647

"moz_bug_r_a4" discovered a privilege escalation vulnerability in
addon handling.

CVE-2011-3648

Yosuke Hasegawa discovered that incorrect handling of Shift-JIS
encodings could lead to cross-site scripting.

CVE-2011-3650

Marc Schoenefeld discovered that profiling the Javascript code
could lead to memory corruption.

For the oldstable distribution (lenny), this problem has been fixed in
version 1.9.0.19-15 of the xulrunner source package.

For the lenny-backports distribution the problems have been fixed in
version 3.5.16-11~bpo50+1.

For the stable distribution (squeeze), this problem has been fixed in
version 3.5.16-11.

For the unstable distribution (sid), this problem has been fixed in
version 8.0-1.

Upgrade instructions

If you don't use pinning (see [1]) you have to update the package
manually via "apt-get -t lenny-backports install <packagelist>" with
the packagelist of your installed packages affected by this update.
[1] <http://backports.debian.org/Instructions>

We recommend to pin (in /etc/apt/preferences) the backports repository to
200 so that new versions of installed backports will be installed
automatically.

Package: *
Pin: release a=lenny-backports
Pin-Priority: 200
Attachment:
signature.asc
Description: Digital signature

OSVersionArchitecturePackageVersionFilename
Debian5armelxulrunner-1.9-dbg< 1.9.0.19-15xulrunner-1.9-dbg_1.9.0.19-15_armel.deb
Debian5hppalibmozjs1d< 1.9.0.19-15libmozjs1d_1.9.0.19-15_hppa.deb
Debian6kfreebsd-amd64icedove-dbg< 3.0.11-1+squeeze6icedove-dbg_3.0.11-1+squeeze6_kfreebsd-amd64.deb
Debian5mipselxulrunner-1.9-dbg< 1.9.0.19-15xulrunner-1.9-dbg_1.9.0.19-15_mipsel.deb
Debian6mipsxulrunner-dev< 1.9.1.16-11xulrunner-dev_1.9.1.16-11_mips.deb
Debian6s390icedove-dbg< 3.0.11-1+squeeze6icedove-dbg_3.0.11-1+squeeze6_s390.deb
Debian6allicewease< 3.5.16-11icewease_3.5.16-11_all.deb
Debian6mipsellibmozjs-dev< 1.9.1.16-11libmozjs-dev_1.9.1.16-11_mipsel.deb
Debian6kfreebsd-i386icedove-dbg< 3.0.11-1+squeeze6icedove-dbg_3.0.11-1+squeeze6_kfreebsd-i386.deb
Debian6ia64xulrunner-1.9.1-dbg< 1.9.1.16-11xulrunner-1.9.1-dbg_1.9.1.16-11_ia64.deb

OS	Version	Architecture	Package	Version	Filename
Debian	5	armel	xulrunner-1.9-dbg	< 1.9.0.19-15	xulrunner-1.9-dbg_1.9.0.19-15_armel.deb
Debian	5	hppa	libmozjs1d	< 1.9.0.19-15	libmozjs1d_1.9.0.19-15_hppa.deb
Debian	6	kfreebsd-amd64	icedove-dbg	< 3.0.11-1+squeeze6	icedove-dbg_3.0.11-1+squeeze6_kfreebsd-amd64.deb
Debian	5	mipsel	xulrunner-1.9-dbg	< 1.9.0.19-15	xulrunner-1.9-dbg_1.9.0.19-15_mipsel.deb
Debian	6	mips	xulrunner-dev	< 1.9.1.16-11	xulrunner-dev_1.9.1.16-11_mips.deb
Debian	6	s390	icedove-dbg	< 3.0.11-1+squeeze6	icedove-dbg_3.0.11-1+squeeze6_s390.deb
Debian	6	all	icewease	< 3.5.16-11	icewease_3.5.16-11_all.deb
Debian	6	mipsel	libmozjs-dev	< 1.9.1.16-11	libmozjs-dev_1.9.1.16-11_mipsel.deb
Debian	6	kfreebsd-i386	icedove-dbg	< 3.0.11-1+squeeze6	icedove-dbg_3.0.11-1+squeeze6_kfreebsd-i386.deb
Debian	6	ia64	xulrunner-1.9.1-dbg	< 1.9.1.16-11	xulrunner-1.9.1-dbg_1.9.1.16-11_ia64.deb