Revision Date: | 2014-06-23 | Version: | 20 |
Title: | DSA-1707-1 iceweasel -- several vulnerabilities |
Description: | Several remote vulnerabilities have been discovered in the Iceweasel web browser, an unbranded version of the Firefox browser. The Common Vulnerabilities and Exposures project identifies the following problems:

CVE-2008-5500 Jesse Ruderman discovered that the layout engine is vulnerable to DoS attacks that might trigger memory corruption and an integer overflow.
CVE-2008-5503 Boris Zbarsky discovered that an information disclosure attack could be performed via XBL bindings.
CVE-2008-5504 It was discovered that attackers could run arbitrary JavaScript with chrome privileges via vectors related to the feed preview.
CVE-2008-5506 Marius Schilder discovered that it is possible to obtain sensitive data via an XMLHttpRequest.
CVE-2008-5507 Chris Evans discovered that it is possible to obtain sensitive data via a JavaScript URL.
CVE-2008-5508 Chip Salzenberg discovered possible phishing attacks via URLs with leading whitespace or control characters.
CVE-2008-5510 Kojima Hajime and Jun Muto discovered that escaped null characters were ignored by the CSS parser and could lead to the bypass of protection mechanisms.
CVE-2008-5511 It was discovered that it is possible to perform cross-site scripting attacks via an XBL binding to an "unloaded document."
CVE-2008-5512 It was discovered that it is possible to run arbitrary JavaScript with chrome privileges via unknown vectors.
CVE-2008-5513 moz_bug_r_a4 discovered that the session-restore feature does not properly sanitise input, leading to arbitrary injections. This issue could be used to perform an XSS attack or run arbitrary JavaScript with chrome privileges.

For the stable distribution these problems have been fixed in version 2.0.0.19-0etch1. For the testing distribution and the unstable distribution these problems have been fixed in version 3.0.5-1. Please note that iceweasel in Lenny links dynamically against xulrunner. We recommend that you upgrade your iceweasel package. |
Family: | unix | Class: | patch |
Status: | ACCEPTED | Reference(s): | CVE-2008-5500 CVE-2008-5503 CVE-2008-5504 CVE-2008-5506 CVE-2008-5507 CVE-2008-5508 CVE-2008-5510 CVE-2008-5511 CVE-2008-5512 CVE-2008-5513 DSA-1707-1 |
Platform(s): | Debian GNU/Linux 4.0 | Product(s): | iceweasel |
Definition Synopsis |
Debian GNU/Linux 4.0 is installed.
AND Architecture section
Architecture independent section
Installed architecture is all
AND Packages section
mozilla-firefox-gnome-support DPKG is earlier than 2.0.0.19-0etch1
OR mozilla-firefox DPKG is earlier than 2.0.0.19-0etch1
OR firefox DPKG is earlier than 2.0.0.19-0etch1
OR firefox-dom-inspector DPKG is earlier than 2.0.0.19-0etch1
OR iceweasel-dom-inspector DPKG is earlier than 2.0.0.19-0etch1
OR mozilla-firefox-dom-inspector DPKG is earlier than 2.0.0.19-0etch1
OR firefox-gnome-support DPKG is earlier than 2.0.0.19-0etch1
OR iceweasel-gnome-support DPKG is earlier than 2.0.0.19-0etch1
OR iceweasel-dbg DPKG is earlier than 2.0.0.19-0etch1
OR iceweasel DPKG is earlier than 2.0.0.19-0etch1
|