iceweasel - security update

2014-10-1500:00:00

Google

osv.dev

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

JSON

Multiple security issues have been found in Iceweasel, Debian’s version
of the Mozilla Firefox web browser: Multiple memory safety errors, buffer
overflows, use-after-frees and other implementation errors may lead to
the execution of arbitrary code, denial of service, the bypass of the
same-origin policy or a loss of privacy.

This update updates Iceweasel to the ESR31 series of Firefox. The new
release introduces a new user interface.

In addition, this update also disables SSLv3.

For the stable distribution (wheezy), these problems have been fixed in
version 31.2.0esr-2~deb7u1.

For the unstable distribution (sid), these problems have been fixed in
version 31.2.0esr-1.

For the experimental distribution, these problems have been fixed in
version 33.0-1.

We recommend that you upgrade your iceweasel packages.

CPENameOperatorVersion
iceweaseleq22.0-1
iceweaseleq25.0~b3-1
iceweaseleq12.0-7
iceweaseleq24.0-2
iceweaseleq14.0.1-2
iceweaseleq13.0-1
iceweaseleq27.0-1
iceweaseleq17.0.9esr-1~deb7u1
iceweaseleq31.0~b1-1
iceweaseleq24.0~b4-1

Name	Operator	Version
iceweasel	eq	22.0-1
iceweasel	eq	25.0~b3-1
iceweasel	eq	12.0-7
iceweasel	eq	24.0-2
iceweasel	eq	14.0.1-2
iceweasel	eq	13.0-1
iceweasel	eq	27.0-1
iceweasel	eq	17.0.9esr-1~deb7u1
iceweasel	eq	31.0~b1-1
iceweasel	eq	24.0~b4-1