Explore top 10 tips to secure your open-source projects now. Read More
×Several vulnerabilities have been discovered in Iceweasel, a web
browser based on Firefox. The included XULRunner library provides
rendering services for several other applications included in Debian.
CVE-2012-1948
Benoit Jacob, Jesse Ruderman, Christian Holler, and Bill McCloskey
identified several memory safety problems that may lead to the
execution of arbitrary code.
CVE-2012-1950
Mario Gomes and Code Audit Labs discovered that it is possible
to force iceweasel to display the URL of the previous entered site
through drag and drop actions to the address bar. This can be
abused to perform phishing attacks.
CVE-2012-1954
Abhishek Arya discovered a use-after-free problem in nsDocument::AdoptNode
that may lead to the execution of arbitrary code.
CVE-2012-1966
moz_bug_r_a4 discovered that it is possible to perform cross-site
scripting attacks through the context menu when using data: URLs.
CVE-2012-1967
moz_bug_r_a4 discovered that in certain cases, javascript: URLs can
be execu...
Get the latest Linux and open source security news straight to your inbox.