GoogleOSV:DSA-2296-1iceweasel - several
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.837 High
EPSS
Percentile
98.0%
Several vulnerabilities have been discovered in Iceweasel, a web browser
based on Firefox. The included XULRunner library provides rendering
services for several other applications included in Debian.
- CVE-2011-0084
regenrecht discovered that incorrect pointer handling in the SVG
processing code could lead to the execution of arbitrary code. - CVE-2011-2378
regenrecht discovered that incorrect memory management in DOM
processing could lead to the execution of arbitrary code. - CVE-2011-2981
moz_bug_r_a_4 discovered a Chrome privilege escalation
vulnerability in the event handler code. - CVE-2011-2982
Gary Kwong, Igor Bukanov, Nils and Bob Clary discovered memory
corruption bugs, which may lead to the execution of arbitrary code. - CVE-2011-2983
shutdown discovered an information leak in the handling of
RegExp.input. - CVE-2011-2984
moz_bug_r_a4 discovered a Chrome privilege escalation
vulnerability.
For the oldstable distribution (lenny), this problem has been fixed in
version 1.9.0.19-13 of the xulrunner source package.
For the stable distribution (squeeze), this problem has been fixed in
version 3.5.16-9.
For the unstable distribution (sid), this problem has been fixed in
version 6.0-1
We recommend that you upgrade your iceweasel packages.
References
Related
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.837 High
EPSS
Percentile
98.0%