
Debian 6: DSA-2180-1 Moderate: Iceape Remote Exploitation Threat

March 3, 2011

Summary

Several vulnerabilities have been found in the Iceape internet suite, an
unbranded version of Seamonkey:

CVE-2010-1585

Roberto Suggi Liverani discovered that the sanitising performed by
ParanoidFragmentSink was incomplete.

CVE-2011-0051

Zach Hoffmann discovered that incorrect parsing of recursive eval()
calls could lead to attackers forcing acceptance of a confirmation
dialogue.

CVE-2011-0053

Crashes in the layout engine may lead to the execution of arbitrary
code.

CVE-2011-0054

Christian Holler discovered buffer overflows in the JavaScript engine,
which could allow the execution of arbitrary code.

CVE-2011-0056

Christian Holler discovered buffer overflows in the JavaScript engine,
which could allow the execution of arbitrary code.

CVE-2011-0055

"regenrecht" and Igor Bukanov discovered a use-after-free error in the
JSON implementation, which could lead to the execution of arbitrary code.

CVE-2011-0057

Daniel Kozlowski discovered that incorrect memory handling the web workers ...


Package: iceape
CVE ID: CVE-2010-1585 CVE-2011-0051 CVE-2011-0053 CVE-2011-0054 CVE-2011-0055 CVE-2011-0056 CVE-2011-0057 CVE-2011-0059
