iceweasel - several vulnerabilities

2008-07-2300:00:00

Google

osv.dev

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

JSON

Several remote vulnerabilities have been discovered in the Iceweasel
web browser, an unbranded version of the Firefox browser. The Common
Vulnerabilities and Exposures project identifies the following problems:

CVE-2008-2785
It was discovered that missing boundary checks on a reference
counter for CSS objects can lead to the execution of arbitrary code.
CVE-2008-2933
Billy Rios discovered that passing an URL containing a pipe symbol
to Iceweasel can lead to Chrome privilege escalation.

For the stable distribution (etch), these problems have been fixed in
version 2.0.0.16-0etch1. Updated packages for ia64, arm and mips are
not yet available and will be released as soon as they have been built.

For the unstable distribution (sid), these problems have been fixed in
xulrunner 1.9.0.1-1 and iceweasel 3.0.1-1.

We recommend that you upgrade your iceweasel package.

CPENameOperatorVersion
iceweaseleq2.0.0.6-1
iceweaseleq2.0.0.8-1
iceweaseleq2.0.0.14-0etch1
iceweaseleq2.0.0.6-0etch1+lenny1
iceweaseleq2.0.0.4-0etch1
iceweaseleq2.0.0.10-1
iceweaseleq2.0.0.9-1
iceweaseleq2.0.0.13-0etch1
iceweaseleq2.0.0.15-0etch1
iceweaseleq2.0.0.3-1

Name	Operator	Version
iceweasel	eq	2.0.0.6-1
iceweasel	eq	2.0.0.8-1
iceweasel	eq	2.0.0.14-0etch1
iceweasel	eq	2.0.0.6-0etch1+lenny1
iceweasel	eq	2.0.0.4-0etch1
iceweasel	eq	2.0.0.10-1
iceweasel	eq	2.0.0.9-1
iceweasel	eq	2.0.0.13-0etch1
iceweasel	eq	2.0.0.15-0etch1
iceweasel	eq	2.0.0.3-1