Lucene search
GoogleOSV:DSA-2433-1HistoryMar 15, 2012 - 12:00 a.m.
iceweasel - several
2012-03-1500:00:00
Google
osv.dev
6
0.056 Low
EPSS
Percentile
93.3%
Several vulnerabilities have been discovered in Iceweasel, a web browser
based on Firefox. The included XULRunner library provides rendering
services for several other applications included in Debian.
- CVE-2012-0455
Soroush Dalili discovered that a cross-site scripting countermeasure
related to JavaScript URLs could be bypassed. - CVE-2012-0456
Atte Kettunen discovered an out of bounds read in the SVG Filters,
resulting in memory disclosure. - CVE-2012-0458
Mariusz Mlynski discovered that privileges could be escalated through
a JavaScript URL as the home page. - CVE-2012-0461
Bob Clary discovered memory corruption bugs, which may lead to the
execution of arbitrary code.
For the stable distribution (squeeze), this problem has been fixed in
version 3.5.16-13.
For the unstable distribution (sid), this problem has been fixed in
version 10.0.3esr-1.
For the experimental distribution, this problem has been fixed in
version 11.0-1.
We recommend that you upgrade your iceweasel packages.
References
Related
nessus
nessus
Debian DSA-2433-1 : iceweasel - several vulnerabilities
2012-03-16 00:00:00
Debian DSA-2437-1 : icedove - several vulnerabilities
2012-03-22 00:00:00
Firefox 3.6.x < 3.6.28 Multiple Vulnerabilities
2012-03-15 00:00:00
openvas
openvas
Debian: Security Advisory (DSA-2437-1)
2012-04-30 00:00:00
Debian Security Advisory DSA 2437-1 (icedove)
2012-04-30 00:00:00
Debian: Security Advisory (DSA-2433-1)
2012-04-30 00:00:00
debian
debian
[SECURITY] [DSA 2437-1] icedove security update
2012-03-21 18:58:26
[SECURITY] [DSA 2433-1] iceweasel security update
2012-03-15 21:42:10
[SECURITY] [DSA 2548-1] iceape security update
2012-04-24 20:56:27
osv
osv
icedove - several
2012-03-21 00:00:00
iceape - several
2012-05-13 00:00:00
ubuntu
ubuntu
Xulrunner vulnerabilities
2012-03-19 00:00:00
Thunderbird vulnerabilities
2012-03-23 00:00:00
Firefox vulnerabilities
2012-03-16 00:00:00
suse
suse
Security update for Mozilla Firefox (critical)
2012-03-29 06:08:20
Security update for Mozilla Firefox (critical)
2012-03-28 21:08:31
Firefox update to 31.1esr (important)
2014-09-09 18:04:16
oraclelinux
oraclelinux
thunderbird security update
2012-03-14 00:00:00
firefox security and bug fix update
2012-03-14 00:00:00
centos
centos
thunderbird security update
2012-03-14 11:41:24
firefox, xulrunner security update
2012-03-14 11:23:06
redhat
redhat
(RHSA-2012:0388) Critical: thunderbird security update
2012-03-14 00:00:00
(RHSA-2012:0387) Critical: firefox security and bug fix update
2012-03-14 00:00:00
freebsd
freebsd
mozilla -- multiple vulnerabilities
2012-03-13 00:00:00
veracode
veracode
Cross-site Scripting (XSS)
2020-04-10 01:07:54
Information Disclosure
2020-04-10 01:07:55
Arbitrary Code Execution
2020-04-10 01:08:00
prion
prion
Out-of-bounds
2012-03-14 19:55:00
Code injection
2012-03-14 19:55:00
Cross site scripting
2012-03-14 19:55:00
nvd
nvd
ubuntucve
ubuntucve
cve
cve
cvelist
cvelist
securityvulns
securityvulns
Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities
2012-03-17 00:00:00
mozilla
mozilla
XSS with Drag and Drop and Javascript: URL — Mozilla
2012-03-13 00:00:00
Escalation of privilege with Javascript: URL as home page — Mozilla
2012-03-13 00:00:00
SVG issues found with Address Sanitizer — Mozilla
2012-03-13 00:00:00
gentoo
gentoo
Mozilla Products: Multiple vulnerabilities
2013-01-08 00:00:00