OSV:DSA-1424-1
Dec 08, 2007 - 12:00 a.m.

iceweasel - several vulnerabilities

Google
osv.dev
CVSS2: 9.3 High (AV:N/AC:M/Au:N/C:C/I:C/A:C)

  Access Vector:          NETWORK
  Access Complexity:      MEDIUM
  Authentication:         NONE
  Confidentiality Impact: COMPLETE
  Integrity Impact:       COMPLETE
  Availability Impact:    COMPLETE

EPSS: 0.936 High (Percentile: 98.7%)

Several remote vulnerabilities have been discovered in the Iceweasel web
browser, an unbranded version of the Firefox browser. The Common
Vulnerabilities and Exposures project identifies the following problems:

  • CVE-2007-5947
    Jesse Ruderman and Petko D. Petkov discovered that the URI handler
    for JAR archives allows cross-site scripting.
  • CVE-2007-5959
    Several crashes in the layout engine were discovered, which might
    allow the execution of arbitrary code.
  • CVE-2007-5960
    Gregory Fleischer discovered a race condition in the handling of
    the window.location property, which might lead to cross-site
    request forgery.

The Mozilla products in the oldstable distribution (sarge) are no longer
supported with security updates.

For the stable distribution (etch) these problems have been fixed in
version 2.0.0.10-0etch1.

For the unstable distribution (sid) these problems have been fixed in
version 2.0.0.10-2.

We recommend that you upgrade your iceweasel packages.
