Summary
Several vulnerabilities have been discovered in Iceweasel, a web browser based on Firefox. The included XULRunner library provides rendering services for several other applications included in Debian.
The reported vulnerabilities could lead to the execution of arbitrary code or the bypass of content-loading restrictions via the location object.
Solution
For the stable distribution (squeeze), these problems have been fixed in version 3.5.16-18.
For the testing distribution (wheezy), these problems have been fixed in version 10.0.7esr-2.
For the unstable distribution (sid), these problems have been fixed in version 10.0.7esr-2.
We recommend that you upgrade your iceweasel packages.
Insight
Firefox is a redesign of the Mozilla browser component, similar to Galeon, K-Meleon and Camino, but written using the XUL user interface language and designed to be lightweight and cross-platform.
Affected
iceweasel on Debian Linux
Detection
This check tests the installed software version using the apt package manager.
References
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2012-1970, CVE-2012-1972, CVE-2012-1973, CVE-2012-1974, CVE-2012-1975, CVE-2012-1976, CVE-2012-3959, CVE-2012-3962, CVE-2012-3969, CVE-2012-3972, CVE-2012-3978 -
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C
Related Vulnerabilities