Lucene search

K
osvGoogleOSV:DSA-2296-1
HistoryAug 17, 2011 - 12:00 a.m.

iceweasel - several

2011-08-1700:00:00
Google
osv.dev
16

0.8 High

EPSS

Percentile

98.3%

Several vulnerabilities have been discovered in Iceweasel, a web browser
based on Firefox. The included XULRunner library provides rendering
services for several other applications included in Debian.

  • CVE-2011-0084
    regenrecht discovered that incorrect pointer handling in the SVG
    processing code could lead to the execution of arbitrary code.
  • CVE-2011-2378
    regenrecht discovered that incorrect memory management in DOM
    processing could lead to the execution of arbitrary code.
  • CVE-2011-2981
    moz_bug_r_a_4 discovered a Chrome privilege escalation
    vulnerability in the event handler code.
  • CVE-2011-2982
    Gary Kwong, Igor Bukanov, Nils and Bob Clary discovered memory
    corruption bugs, which may lead to the execution of arbitrary code.
  • CVE-2011-2983
    shutdown discovered an information leak in the handling of
    RegExp.input.
  • CVE-2011-2984
    moz_bug_r_a4 discovered a Chrome privilege escalation
    vulnerability.

For the oldstable distribution (lenny), this problem has been fixed in
version 1.9.0.19-13 of the xulrunner source package.

For the stable distribution (squeeze), this problem has been fixed in
version 3.5.16-9.

For the unstable distribution (sid), this problem has been fixed in
version 6.0-1

We recommend that you upgrade your iceweasel packages.