iceweasel - arbitrary code execution

2008-04-2300:00:00

Google

osv.dev

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

JSON

It was discovered that crashes in the Javascript engine of Iceweasel,
an unbranded version of the Firefox browser, could potentially lead to
the execution of arbitrary code.

For the stable distribution (etch), this problem has been fixed in
version 2.0.0.14-0etch1.

For the unstable distribution (sid), this problem has been fixed in
version 2.0.0.14-1.

We recommend that you upgrade your iceweasel package.

CPENameOperatorVersion
iceweaseleq2.0.0.6-1
iceweaseleq2.0.0.8-1
iceweaseleq2.0.0.6-0etch1+lenny1
iceweaseleq2.0.0.4-0etch1
iceweaseleq2.0.0.10-1
iceweaseleq2.0.0.9-1
iceweaseleq2.0.0.13-0etch1
iceweaseleq2.0.0.3-1
iceweaseleq2.0.0.12-1
iceweaseleq2.0.0.11-1

Name	Operator	Version
iceweasel	eq	2.0.0.6-1
iceweasel	eq	2.0.0.8-1
iceweasel	eq	2.0.0.6-0etch1+lenny1
iceweasel	eq	2.0.0.4-0etch1
iceweasel	eq	2.0.0.10-1
iceweasel	eq	2.0.0.9-1
iceweasel	eq	2.0.0.13-0etch1
iceweasel	eq	2.0.0.3-1
iceweasel	eq	2.0.0.12-1
iceweasel	eq	2.0.0.11-1