BSA-002 Security Update for iceweasel

Alexander Reichle-Schmehl uploaded new packages for iceweasel which
fixed the following security problems:

CVE-2010-3169:

Multiple unspecified vulnerabilities in the browser engine in Mozilla
Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7
and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 allow remote
attackers to cause a denial of service (memory corruption and
application crash) or possibly execute arbitrary code via unknown
vectors.

CVE-2010-2765:

Integer overflow in the FRAMESET element implementation in Mozilla
Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7
and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 might allow remote
attackers to execute arbitrary code via a large number of values in the
cols (aka columns) attribute, leading to a heap-based buffer overflow.

CVE-2010-2767:

The navigator.plugins implementation in Mozilla Firefox before 3.5.12
and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3,
and SeaMonkey before 2.0.7 does not properly handle destruction of the
DOM plugin array, which might allow remote attackers to cause a denial
of service (application crash) or execute arbitrary code via crafted
access to the navigator object, related to a "dangling pointer
vulnerability."

CVE-2010-3166:

Heap-based buffer overflow in the nsTextFrameUtils::TransformText
function in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9,
Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before
2.0.7 might allow remote attackers to execute arbitrary code via a
bidirectional text run.

CVE-2010-2760:

Use-after-free vulnerability in the nsTreeSelection function in
Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before
3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 might allow
remote attackers to execute arbitrary code via vectors involving a XUL
tree selection, related to a "dangling pointer vulnerability." NOTE:
this issue exists because of an incomplete fix for CVE-2010-2753.

CVE-2010-3168:

Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird
before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 do not
properly restrict the role of property changes in triggering XUL tree
removal, which allows remote attackers to cause a denial of service
(deleted memory access and application crash) or possibly execute
arbitrary code by setting unspecified properties.

CVE-2010-3167:

The nsTreeContentView function in Mozilla Firefox before 3.5.12 and
3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and
SeaMonkey before 2.0.7 does not properly handle node removal in XUL
trees, which allows remote attackers to execute arbitrary code via
vectors involving access to deleted memory, related to a "dangling
pointer vulnerability."

CVE-2010-2766:

The normalizeDocument function in Mozilla Firefox before 3.5.12 and
3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and
SeaMonkey before 2.0.7 does not properly handle the removal of DOM nodes
during normalization, which might allow remote attackers to execute
arbitrary code via vectors involving access to a deleted object.

CVE-2010-2763:

The XPCSafeJSObjectWrapper class in the SafeJSObjectWrapper (aka SJOW)
implementation in Mozilla Firefox before 3.5.12, Thunderbird before
3.0.7, and SeaMonkey before 2.0.7 does not properly restrict scripted
functions, which allows remote attackers to bypass the Same Origin
Policy and conduct cross-site scripting (XSS) attacks via a crafted
function.

CVE-2010-2768:

Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird
before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 do not
properly restrict use of the type attribute of an OBJECT element to set
a document's charset, which allows remote attackers to bypass cross-site
scripting (XSS) protection mechanisms via UTF-7 encoding.

CVE-2010-2769:

Cross-site scripting (XSS) vulnerability in Mozilla Firefox before
3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before
3.1.3, and SeaMonkey before 2.0.7 allows user-assisted remote attackers
to inject arbitrary web script or HTML via a selection that is added to
a document in which the designMode property is enabled.

CVE-2010-2764:

Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird
before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 do not
properly restrict read access to the statusText property of
XMLHttpRequest objects, which allows remote attackers to discover the
existence of intranet web servers via cross-origin requests.

For the lenny-backports distribution the problems have been fixed in
version 3.5.12-2~bpo50+1.

For the squeeze and sid distributions the problems have been fixed in
version 3.5.12-1.

Upgrade instructions

If you don't use pinning (see [1]) you have to update the package
manually via "apt-get -t lenny-backports install <packagelist>" with
the packagelist of your installed packages affected by this update.
[1] <http://backports.debian.org/Instructions&gt;

We recommend to pin the backports repository to 200 so that new
versions of installed backports will be installed automatically.

Package: *
Pin: release a=lenny-backports
Pin-Priority: 200