Lucene search

K
osvGoogleOSV:DSA-1886-1
HistorySep 14, 2009 - 12:00 a.m.

iceweasel - several vulnerabilities

2009-09-1400:00:00
Google
osv.dev
2

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.019 Low

EPSS

Percentile

87.0%

Several remote vulnerabilities have been discovered in the Iceweasel web
browser, an unbranded version of the Firefox browser. The Common
Vulnerabilities and Exposures project identifies the following problems:

  • CVE-2009-3079
    “moz_bug_r_a4” discovered that a programming error in the FeedWriter
    module could lead to the execution of Javascript code with elevated
    privileges.
  • CVE-2009-1310
    Prateek Saxena discovered a cross-site scripting vulnerability in
    the MozSearch plugin interface.

For the stable distribution (lenny), these problems have been fixed in
version 3.0.6-3.

As indicated in the Etch release notes, security support for the
Mozilla products in the oldstable distribution needed to be stopped
before the end of the regular Etch security maintenance life cycle.
You are strongly encouraged to upgrade to stable or switch to a still
supported browser.

For the unstable distribution (sid), these problems have been fixed in
version 3.0.14-1.

For the experimental distribution, these problems have been fixed in
version 3.5.3-1.

We recommend that you upgrade your iceweasel packages.

CPENameOperatorVersion
iceweaseleq3.0.5-1
iceweaseleq3.0.6-1

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.019 Low

EPSS

Percentile

87.0%

Related for OSV:DSA-1886-1