[SECURITY] [DSA 2341-1] iceweasel security update

2011-11-0916:45:01

lists.debian.org

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

Confidence

High

EPSS

0.011

Percentile

84.3%

JSON

Debian Security Advisory DSA-2341-1 [email protected]
http://www.debian.org/security/ Moritz Muehlenhoff
November 09, 2011 http://www.debian.org/security/faq

Package : iceweasel
Vulnerability : several
Problem type : remote
Debian-specific: no
CVE ID : CVE-2011-3647 CVE-2011-3648 CVE-2011-3650

Several vulnerabilities have been discovered in Iceweasel, a web browser
based on Firefox. The included XULRunner library provides rendering
services for several other applications included in Debian.

CVE-2011-3647

"moz_bug_r_a4" discovered a privilege escalation vulnerability in
addon handling.

CVE-2011-3648

Yosuke Hasegawa discovered that incorrect handling of Shift-JIS
encodings could lead to cross-site scripting.

CVE-2011-3650

Marc Schoenefeld discovered that profiling the Javascript code
could lead to memory corruption.

For the oldstable distribution (lenny), this problem has been fixed in
version 1.9.0.19-15 of the xulrunner source package.

For the stable distribution (squeeze), this problem has been fixed in
version 3.5.16-11.

For the unstable distribution (sid), this problem has been fixed in
version 8.0-1.

We recommend that you upgrade your iceweasel packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: [email protected]

OSVersionArchitecturePackageVersionFilename
Debian6allicedove< 3.0.11-1+squeeze6icedove_3.0.11-1+squeeze6_all.deb
Debian6s390iceape-mailnews< 2.0.11-9iceape-mailnews_2.0.11-9_s390.deb
Debian5ia64xulrunner-1.9-dbg< 1.9.0.19-15xulrunner-1.9-dbg_1.9.0.19-15_ia64.deb
Debian5armxulrunner-dev< 1.9.0.19-15xulrunner-dev_1.9.0.19-15_arm.deb
Debian6powerpciceweasel< 3.5.16-11iceweasel_3.5.16-11_powerpc.deb
Debian5armellibmozjs1d< 1.9.0.19-15libmozjs1d_1.9.0.19-15_armel.deb
Debian5ia64xulrunner-1.9-gnome-support< 1.9.0.19-15xulrunner-1.9-gnome-support_1.9.0.19-15_ia64.deb
Debian6s390icedove< 3.0.11-1+squeeze6icedove_3.0.11-1+squeeze6_s390.deb
Debian6amd64xulrunner-1.9.1< 1.9.1.16-11xulrunner-1.9.1_1.9.1.16-11_amd64.deb
Debian6kfreebsd-i386xulrunner-1.9.1< 1.9.1.16-11xulrunner-1.9.1_1.9.1.16-11_kfreebsd-i386.deb

OS	Version	Architecture	Package	Version	Filename
Debian	6	all	icedove	< 3.0.11-1+squeeze6	icedove_3.0.11-1+squeeze6_all.deb
Debian	6	s390	iceape-mailnews	< 2.0.11-9	iceape-mailnews_2.0.11-9_s390.deb
Debian	5	ia64	xulrunner-1.9-dbg	< 1.9.0.19-15	xulrunner-1.9-dbg_1.9.0.19-15_ia64.deb
Debian	5	arm	xulrunner-dev	< 1.9.0.19-15	xulrunner-dev_1.9.0.19-15_arm.deb
Debian	6	powerpc	iceweasel	< 3.5.16-11	iceweasel_3.5.16-11_powerpc.deb
Debian	5	armel	libmozjs1d	< 1.9.0.19-15	libmozjs1d_1.9.0.19-15_armel.deb
Debian	5	ia64	xulrunner-1.9-gnome-support	< 1.9.0.19-15	xulrunner-1.9-gnome-support_1.9.0.19-15_ia64.deb
Debian	6	s390	icedove	< 3.0.11-1+squeeze6	icedove_3.0.11-1+squeeze6_s390.deb
Debian	6	amd64	xulrunner-1.9.1	< 1.9.1.16-11	xulrunner-1.9.1_1.9.1.16-11_amd64.deb
Debian	6	kfreebsd-i386	xulrunner-1.9.1	< 1.9.1.16-11	xulrunner-1.9.1_1.9.1.16-11_kfreebsd-i386.deb