Debian Iceweasel DSA-2565-1 Critical Remote Code Threat Advisory
debian
October 23, 2012
Multiple vulnerabilities have been discovered in Iceweasel, Debian's version of the Mozilla Firefox web browser
Topics Covered
Summary
Multiple vulnerabilities have been discovered in Iceweasel, Debian's
version of the Mozilla Firefox web browser. The Common
Vulnerabilities and Exposures project identifies the following
problems:
CVE-2012-3982
Multiple unspecified vulnerabilities in the browser engine
allow remote attackers to cause a denial of service (memory
corruption and application crash) or possibly execute
arbitrary code via unknown vectors.
CVE-2012-3986
Iceweasel does not properly restrict calls to DOMWindowUtils
methods, which allows remote attackers to bypass intended
access restrictions via crafted JavaScript code.
CVE-2012-3990
A Use-after-free vulnerability in the IME State Manager
implementation allows remote attackers to execute arbitrary
code via unspecified vectors, related to the
nsIContent::GetNameSpaceID function.
CVE-2012-3991
Iceweasel does not properly restrict JSAPI access to the
GetProperty function, which allows remote attackers to bypass
the Same Origin Policy and possibly have u...
PREVIOUS
NEXT
Severity
critical
Lowest
Low
Medium
High
Critical
Package: iceweasel
CVE ID: CVE-2012-3982 CVE-2012-3986 CVE-2012-3990 CVE-2012-3991
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!