Several vulnerabilities have been discovered in Iceweasel, a web browser
based on Firefox. The included XULRunner library provides rendering
services for several other applications included in Debian.
- CVE-2011-0084
regenrecht discovered that incorrect pointer handling in the SVG
processing code could lead to the execution of arbitrary code.
- CVE-2011-2378
regenrecht discovered that incorrect memory management in DOM
processing could lead to the execution of arbitrary code.
- CVE-2011-2981
moz_bug_r_a_4 discovered a Chrome privilege escalation
vulnerability in the event handler code.
- CVE-2011-2982
Gary Kwong, Igor Bukanov, Nils and Bob Clary discovered memory
corruption bugs, which may lead to the execution of arbitrary code.
- CVE-2011-2983
shutdown discovered an information leak in the handling of
RegExp.input.
- CVE-2011-2984
moz_bug_r_a4 discovered a Chrome privilege escalation
vulnerability.
For the oldstable distribution (lenny), this problem has been fixed in
version 1.9.0.19-13 of the xulrunner source package.
For the stable distribution (squeeze), this problem has been fixed in
version 3.5.16-9.
For the unstable distribution (sid), this problem has been fixed in
version 6.0-1
We recommend that you upgrade your iceweasel packages.