Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
debianDebianDEBIAN:DSA-1614-1:B70A7
HistoryJul 23, 2008 - 8:07 p.m.

[SECURITY] [DSA 1614-1] New iceweasel packages fix several vulnerabilities

2008-07-2320:07:11
lists.debian.org
19

2.6 Low

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:H/Au:N/C:P/I:N/A:N

0.012 Low

EPSS

Percentile

85.3%

JSON

Debian Security Advisory DSA-1614-1 [email protected]
http://www.debian.org/security/ Moritz Muehlenhoff
July 23, 2008 http://www.debian.org/security/faq

Package : iceweasel
Vulnerability : several
Problem-Type : remote
Debian-specific: no
CVE ID : CVE-2008-2785 CVE-2008-2933

Several remote vulnerabilities have been discovered in the Iceweasel
web browser, an unbranded version of the Firefox browser. The Common
Vulnerabilities and Exposures project identifies the following problems:

CVE-2008-2785

It was discovered that missing boundary checks on a reference
counter for CSS objects can lead to the execution of arbitrary code.

CVE-2008-2933

Billy Rios discovered that passing an URL containing a pipe symbol
to Iceweasel can lead to Chrome privilege escalation.

For the stable distribution (etch), these problems have been fixed in
version 2.0.0.16-0etch1. Updated packages for ia64, arm and mips are
not yet available and will be released as soon as they have been built.

For the unstable distribution (sid), these problems have been fixed in
xulrunner 1.9.0.1-1 and iceweasel 3.0.1-1.

We recommend that you upgrade your iceweasel package.

Upgrade instructions

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 4.0 alias etch

Stable updates are available for alpha, amd64, hppa, i386, mipsel, powerpc, s390 and sparc.

Source archives:

http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.16-0etch1.diff.gz
Size/MD5 checksum: 186601 1a6e2029bb1be403464dc05d0d7056f3
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.16.orig.tar.gz
Size/MD5 checksum: 47244084 838ff458cac5da69ac0f2102c9a4fa43
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.16-0etch1.dsc
Size/MD5 checksum: 1289 b20f98b6d9dea662336b8287164b326e

Architecture independent packages:

http://security.debian.org/pool/updates/main/i/iceweasel/mozilla-firefox-dom-inspector_2.0.0.16-0etch1_all.deb
Size/MD5 checksum: 54310 13d18b856d4e0a01e7931afef496e3ec
http://security.debian.org/pool/updates/main/i/iceweasel/firefox-dom-inspector_2.0.0.16-0etch1_all.deb
Size/MD5 checksum: 54460 dc8582c2f9b6f7be94c881596ce9d191
http://security.debian.org/pool/updates/main/i/iceweasel/mozilla-firefox-gnome-support_2.0.0.16-0etch1_all.deb
Size/MD5 checksum: 54310 816c6f0fd47121ca9ab87116b631c210
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dom-inspector_2.0.0.16-0etch1_all.deb
Size/MD5 checksum: 239618 b130c9f2f2e153789d4081b03c1f3ecf
http://security.debian.org/pool/updates/main/i/iceweasel/mozilla-firefox_2.0.0.16-0etch1_all.deb
Size/MD5 checksum: 55096 c080b75d5a9b47353c070c8ae018ee93
http://security.debian.org/pool/updates/main/i/iceweasel/firefox-gnome-support_2.0.0.16-0etch1_all.deb
Size/MD5 checksum: 54428 6ef73c9c91f47d9d3b9695b0baba16e0
http://security.debian.org/pool/updates/main/i/iceweasel/firefox_2.0.0.16-0etch1_all.deb
Size/MD5 checksum: 54572 fc0e196c2ac5634b69c8d393eaa83809

alpha architecture (DEC Alpha)

http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.16-0etch1_alpha.deb
Size/MD5 checksum: 90158 d993f5d5638bf2644992c3a51cb07aaf
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.16-0etch1_alpha.deb
Size/MD5 checksum: 51153588 537368b3db70016472e36fa96fa6d45f
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.16-0etch1_alpha.deb
Size/MD5 checksum: 11577992 dfcf655ebf1ab9f30e2fdd10aee79b77

amd64 architecture (AMD x86_64 (AMD64))

http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.16-0etch1_amd64.deb
Size/MD5 checksum: 87828 bedb77649ba472190d25054b192b6209
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.16-0etch1_amd64.deb
Size/MD5 checksum: 10203870 5de267d5ee71e3847e73ae64872100ad
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.16-0etch1_amd64.deb
Size/MD5 checksum: 50156988 105ffac099d3a73aa40be32a44cd7212

hppa architecture (HP PA RISC)

http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.16-0etch1_hppa.deb
Size/MD5 checksum: 89332 ca1481f5414cf4faf8a5a370906d8f64
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.16-0etch1_hppa.deb
Size/MD5 checksum: 11108696 06ec3f1f3819d33be04502e5bce656e0
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.16-0etch1_hppa.deb
Size/MD5 checksum: 50532424 9971def7580d2166292c8547f27dd2b4

i386 architecture (Intel ia32)

http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.16-0etch1_i386.deb
Size/MD5 checksum: 49553762 65280e9ae0c54fc73e75a361dbe722fe
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.16-0etch1_i386.deb
Size/MD5 checksum: 9119010 de6f68bb7acdf4cfdf74030cd2333de8
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.16-0etch1_i386.deb
Size/MD5 checksum: 81938 a7eb73d423a318b5901eb3a8a06685b9

mipsel architecture (MIPS (Little Endian))

http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.16-0etch1_mipsel.deb
Size/MD5 checksum: 10760324 2c0b072407554c994af92a170313e26d
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.16-0etch1_mipsel.deb
Size/MD5 checksum: 52504852 d2a9840321f5daf57e6dc31be4d001ec
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.16-0etch1_mipsel.deb
Size/MD5 checksum: 83096 610122542964f56450722b5a1268f9f7

powerpc architecture (PowerPC)

http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.16-0etch1_powerpc.deb
Size/MD5 checksum: 9935532 8ef7577d3ee21a66ed0f3dd49554228b
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.16-0etch1_powerpc.deb
Size/MD5 checksum: 83658 bb96af576cc431bc5d2395065cc26519
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.16-0etch1_powerpc.deb
Size/MD5 checksum: 51951260 ce9193a0f59b5f6ebe385a6b99d81082

s390 architecture (IBM S/390)

http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.16-0etch1_s390.deb
Size/MD5 checksum: 10361684 97e6a00b1925964345ab444e08decfd7
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.16-0etch1_s390.deb
Size/MD5 checksum: 50833158 e7d855931549380a580cca41b16eb132
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.16-0etch1_s390.deb
Size/MD5 checksum: 88076 3718818f93134dd2bdbd830839c77cac

sparc architecture (Sun SPARC/UltraSPARC)

http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.16-0etch1_sparc.deb
Size/MD5 checksum: 9141294 fbb65f64f8cc4e8580582633b447a9c5
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.16-0etch1_sparc.deb
Size/MD5 checksum: 49164530 d54078908cc2adaecb5f492b13a966eb
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.16-0etch1_sparc.deb
Size/MD5 checksum: 81782 bb4025ab732da55e1d29d7ade28d10aa

These files will probably be moved into the stable distribution on
its next update.

For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: [email protected]
Package info: `apt-cache show <pkg>' and http://packages.debian.org/&lt;pkg&gt;

OSVersionArchitecturePackageVersionFilename
Debian4mipsiceweasel-gnome-support< 2.0.0.16-0etch1iceweasel-gnome-support_2.0.0.16-0etch1_mips.deb
Debian4alliceape-dev< 1.0.13~pre080614i-0etch1iceape-dev_1.0.13~pre080614i-0etch1_all.deb
Debian4armiceweasel-gnome-support< 2.0.0.16-0etch1iceweasel-gnome-support_2.0.0.16-0etch1_arm.deb
Debian4powerpciceape-mailnews< 1.0.13~pre080614i-0etch1iceape-mailnews_1.0.13~pre080614i-0etch1_powerpc.deb
Debian4hppalibmozjs0d-dbg< 1.8.0.15~pre080614d-0etch1libmozjs0d-dbg_1.8.0.15~pre080614d-0etch1_hppa.deb
Debian4alphaspidermonkey-bin< 1.8.0.15~pre080614d-0etch1spidermonkey-bin_1.8.0.15~pre080614d-0etch1_alpha.deb
Debian4amd64libmozjs0d< 1.8.0.15~pre080614d-0etch1libmozjs0d_1.8.0.15~pre080614d-0etch1_amd64.deb
Debian4sparcxulrunner< 1.8.0.15~pre080614d-0etch1xulrunner_1.8.0.15~pre080614d-0etch1_sparc.deb
Debian4amd64iceweasel-dbg< 2.0.0.16-0etch1iceweasel-dbg_2.0.0.16-0etch1_amd64.deb
Debian4allmozilla-dom-inspector< 2:1.8+1.0.13~pre080614i-0etch1mozilla-dom-inspector_2:1.8+1.0.13~pre080614i-0etch1_all.deb
Rows per page:
1-10 of 2711

Related

openvas 70
fedora 27
nessus 48
ubuntu 4
redhat 4
centos 5
oraclelinux 4
securityvulns 4
osv 4
prion 4
veracode 2
cve 4
seebug 2
checkpoint_advisories 1
zdi 1
ubuntucve 4
mozilla 2
cert 1
debian 3
gentoo 1
openvas
openvas
Fedora Update for devhelp FEDORA-2008-6491
2009-02-17 00:00:00
SLES10: Security update for MozillaFirefox
2009-10-13 00:00:00
Ubuntu Update for firefox vulnerabilities USN-623-1
2009-03-23 00:00:00
fedora
fedora
[SECURITY] Fedora 8 Update: firefox-2.0.0.16-1.fc8
2008-07-18 08:07:34
[SECURITY] Fedora 8 Update: gnome-web-photo-0.3-12.fc8
2008-07-18 08:07:34
[SECURITY] Fedora 8 Update: gtkmozembedmm-1.4.2.cvs20060817-22.fc8
2008-07-18 08:07:34
nessus
nessus
Debian DSA-1614-1 : iceweasel - several vulnerabilities
2008-07-24 00:00:00
Ubuntu 6.06 LTS / 7.04 / 7.10 : firefox vulnerabilities (USN-623-1)
2008-07-18 00:00:00
RHEL 4 : firefox (RHSA-2008:0598)
2008-07-17 00:00:00
ubuntu
ubuntu
Firefox vulnerabilities
2008-07-17 00:00:00
Devhelp, Epiphany, Midbrowser and Yelp update
2008-08-04 00:00:00
Firefox and xulrunner vulnerabilities
2008-07-28 00:00:00
redhat
redhat
(RHSA-2008:0598) Critical: firefox security update
2008-07-16 00:00:00
(RHSA-2008:0597) Critical: firefox security update
2008-07-16 00:00:00
(RHSA-2008:0599) Critical: seamonkey security update
2008-07-16 00:00:00
centos
centos
firefox security update
2008-07-17 02:50:07
devhelp, firefox, xulrunner security update
2008-07-17 02:39:25
seamonkey security update
2008-07-18 05:08:12
oraclelinux
oraclelinux
firefox security update
2008-07-16 00:00:00
firefox security update
2008-07-16 00:00:00
seamonkey security update
2008-07-16 00:00:00
securityvulns
securityvulns
Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities
2008-07-18 00:00:00
Mozilla Foundation Security Advisory 2008-34
2008-07-18 00:00:00
Mozilla Foundation Security Advisory 2008-35
2008-07-18 00:00:00
osv
osv
iceweasel - several vulnerabilities
2008-07-23 00:00:00
xulrunner - several vulnerabilities
2008-07-23 00:00:00
icedove - several vulnerabilities
2008-07-27 00:00:00
prion
prion
Buffer overflow
2008-06-19 21:41:00
Buffer overflow
2008-06-19 21:41:00
Design/Logic Flaw
2008-07-17 13:41:00
veracode
veracode
Arbitrary Code Execution
2020-04-10 00:23:55
Information Disclosure
2020-04-10 00:23:56
cve
cve
CVE-2008-2785
2008-06-19 21:41:00
CVE-2008-3198
2008-07-17 13:41:00
CVE-2008-2786
2008-06-19 21:41:00
seebug
seebug
Mozilla Firefox URI拆分绕过安全限制漏洞
2008-07-17 00:00:00
Firefox CSSValue数组数据结构远程代码执行漏洞
2008-07-17 00:00:00
checkpoint_advisories
checkpoint_advisories
Mozilla Multiple Products CSSValue Array Memory Corruption (CVE-2008-2785)
2010-06-03 00:00:00
zdi
zdi
Mozilla Firefox CSSValue Array Memory Corruption Vulnerability
2008-07-17 00:00:00
ubuntucve
ubuntucve
CVE-2008-2785
2008-06-19 00:00:00
CVE-2008-2786
2008-06-19 00:00:00
CVE-2008-3198
2008-07-17 00:00:00
mozilla
mozilla
Remote code execution by overflowing CSS reference counter — Mozilla
2008-07-15 00:00:00
Command-line URLs launch multiple tabs when Firefox not running — Mozilla
2008-07-15 00:00:00
cert
cert
Mozilla Firefox command line URI handling vulnerability
2008-07-16 00:00:00
debian
debian
[SECURITY] [DSA 1615-1] New xulrunner packages fix several vulnerabilities
2008-07-23 20:33:58
[SECURITY] [DSA 1621-1] New icedove packages fix several vulnerabilities
2008-07-27 21:38:47
[SECURITY] [DSA 1697-1] New iceape packages fix several vulnerabilities
2009-01-07 21:41:42
gentoo
gentoo
Mozilla products: Multiple vulnerabilities
2008-08-06 00:00:00

2.6 Low

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:H/Au:N/C:P/I:N/A:N

0.012 Low

EPSS

Percentile

85.3%

JSON
Related for DEBIAN:DSA-1614-1:B70A7
openvas70fedora27nessus48ubuntu4redhat4centos5oraclelinux4securityvulns4osv4prion4veracode2cve4seebug2checkpoint_advisories1zdi1ubuntucve4mozilla2cert1debian3gentoo1