iceweasel - several vulnerabilities

Several remote vulnerabilities have been discovered in the Iceweasel
webbrowser, an unbranded version of the Firefox browser. The Common
Vulnerabilities and Exposures project identifies the following problems:

• CVE-2008-0017
  Justin Schuh discovered that a buffer overflow in the http-index-format
  parser could lead to arbitrary code execution.
• CVE-2008-4582
  Liu Die Yu discovered an information leak through local shortcut
  files.
• CVE-2008-5012
  Georgi Guninski, Michal Zalewski and Chris Evan discovered that
  the canvas element could be used to bypass same-origin
  restrictions.
• CVE-2008-5013
  It was discovered that insufficient checks in the Flash plugin glue
  code could lead to arbitrary code execution.
• CVE-2008-5014
  Jesse Ruderman discovered that a programming error in the
  window.__proto__.__proto__ object could lead to arbitrary code
  execution.
• CVE-2008-5017
  It was discovered that crashes in the layout engine could lead to
  arbitrary code execution.
• CVE-2008-5018
  It was discovered that crashes in the Javascript engine could lead to
  arbitrary code execution.
• CVE-2008-5021
  It was discovered that a crash in the nsFrameManager might lead to
  the execution of arbitrary code.
• CVE-2008-5022
  moz_bug_r_a4 discovered that the same-origin check in
  nsXMLHttpRequest::NotifyEventListeners() could be bypassed.
• CVE-2008-5023
  Collin Jackson discovered that the -moz-binding property bypasses
  security checks on codebase principals.
• CVE-2008-5024
  Chris Evans discovered that quote characters were improperly
  escaped in the default namespace of E4X documents.

For the stable distribution (etch), these problems have been fixed in
version 2.0.0.18-0etch1.

For the upcoming stable distribution (lenny) and the unstable distribution
(sid), these problems have been fixed in version 3.0.4-1 of iceweasel
and version 1.9.0.4-1 of xulrunner. Packages for arm and mips will be
provided soon.

We recommend that you upgrade your iceweasel package.