osv / Google / OSV:DSA-2341-1
Nov 09, 2011 - 12:00 a.m.

iceweasel - several

2011-11-09 00:00:00
Google
osv.dev

CVSS2: 9.3 High

  • Access Vector: NETWORK
  • Access Complexity: MEDIUM
  • Authentication: NONE
  • Confidentiality Impact: COMPLETE
  • Integrity Impact: COMPLETE
  • Availability Impact: COMPLETE

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Several vulnerabilities have been discovered in Iceweasel, a web browser
based on Firefox. The included XULRunner library provides rendering
services for several other applications included in Debian.

  • CVE-2011-3647
    moz_bug_r_a4 discovered a privilege escalation vulnerability in
    addon handling.
  • CVE-2011-3648
    Yosuke Hasegawa discovered that incorrect handling of Shift-JIS
    encodings could lead to cross-site scripting.
  • CVE-2011-3650
    Marc Schoenefeld discovered that profiling the JavaScript code
    could lead to memory corruption.

For the oldstable distribution (lenny), this problem has been fixed in
version 1.9.0.19-15 of the xulrunner source package.

For the stable distribution (squeeze), this problem has been fixed in
version 3.5.16-11.

For the unstable distribution (sid), this problem has been fixed in
version 8.0-1.

We recommend that you upgrade your iceweasel packages.
