Debian: DSA-2583-1 Critical Update for Iceweasel Remote Threats
debian
December 8, 2012
Multiple vulnerabilities have been found in Iceweasel, the Debian web browser based on Mozilla Firefox: CVE-2012-5829
Topics Covered
Summary
CVE-2012-5829
Heap-based buffer overflow in the nsWindow::OnExposeEvent function could
allow remote attackers to execute arbitrary code.
CVE-2012-5842
Multiple unspecified vulnerabilities in the browser engine could allow remote
attackers to cause a denial of service (memory corruption and application
crash) or possibly execute arbitrary code.
CVE-2012-4207
The HZ-GB-2312 character-set implementation does not properly handle a ~
(tilde) character in proximity to a chunk delimiter, which allows remote
attackers to conduct cross-site scripting (XSS) attacks via a crafted
document.
CVE-2012-4201
The evalInSandbox implementation uses an incorrect context during the
handling of JavaScript code that sets the location.href property, which
allows remote attackers to conduct cross-site scripting (XSS) attacks or read
arbitrary files by leveraging a sandboxed add-on.
CVE-2012-4216
Use-after-free vulnerability in the gfxFont::GetFontEntry function allows
remote attackers to execute ...
PREVIOUS
NEXT
Severity
critical
Lowest
Low
Medium
High
Critical
Package: iceweasel
CVE ID: CVE-2012-4201 CVE-2012-4207 CVE-2012-4216 CVE-2012-5829
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!