Debian 4.0 DSA-1607-1 Severe: Iceweasel Remote Code Threat
debian
July 11, 2008
Devon Hubbard, Jesse Ruderman and Martijn Wargers discovered crashes in the layout engine, which might allow the execution of arbitrary code.
Summary
Devon Hubbard, Jesse Ruderman and Martijn Wargers discovered
crashes in the layout engine, which might allow the execution of
arbitrary code.
CVE-2008-2799
Igor Bukanov, Jesse Ruderman and Gary Kwong discovered crashes in
the Javascript engine, which might allow the execution of arbitrary code.
CVE-2008-2800
"moz_bug_r_a4" discovered several cross-site scripting vulnerabilities.
CVE-2008-2801
Collin Jackson and Adam Barth discovered that Javascript code
could be executed in the context or signed JAR archives.
CVE-2008-2802
"moz_bug_r_a4" discovered that XUL documements can escalate
privileges by accessing the pre-compiled "fastload" file.
CVE-2008-2803
"moz_bug_r_a4" discovered that missing input sanitising in the
mozIJSSubScriptLoader.loadSubScript() function could lead to the
execution of arbitrary code. Iceweasel itself is not affected, but
some addons are.
CVE-2008-2805
Claudio Santambrogio discovered that ...
PREVIOUS
NEXT
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!