Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 521
Alerts This Week
Warning Icon 1 521

Debian: DSA-2186-1 Urgent Iceweasel Vulnerability Exploit Threat

debian
Calendar Grey March 9, 2011
Debian Logo
Important patch issued to mitigate multiple vulnerabilities in the Iceweasel browser intended for Debian users, notably concerning potential remote code execution threats.
Several vulnerabilities have been discovered in Iceweasel, a web browser based on Firefox

Summary

Several vulnerabilities have been discovered in Iceweasel, a web browser
based on Firefox. The included XULRunner library provides rendering
services for several other applications included in Debian.

CVE-2010-1585

Roberto Suggi Liverani discovered that the sanitising performed by
ParanoidFragmentSink was incomplete.

CVE-2011-0053

Crashes in the layout engine may lead to the execution of arbitrary
code.

CVE-2011-0051

Zach Hoffmann discovered that incorrect parsing of recursive eval()
calls could lead to attackers forcing acceptance of a confirmation
dialogue.

CVE-2011-0054, CVE-2010-0056

Christian Holler discovered buffer overflows in the Javascript engine,
which could allow the execution of arbitrary code.

CVE-2011-0055

"regenrecht" and Igor Bukanov discovered a use-after-free error in the
JSON-Implementation, which could lead to the execution of arbitrary code.

CVE-2011-0057

Daniel Kozlowski discovered that incorrect memory handling the web workers implementatio...

Read the Full Advisory

Severity
critical
Lowest
Low
Medium
High
Critical

Package: iceweasel
CVE ID: CVE-2010-1585 CVE-2011-0051 CVE-2011-0053 CVE-2011-0054 CVE-2011-0055 CVE-2011-0055 CVE-2011-0056 CVE-2011-0057 CVE-2011-0059

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.