Debian: New iceweasel packages fix several vulnerabilities

    Date03 Aug 2007
    CategoryDebian
    2804
    Posted ByLinuxSecurity Advisories
    Several remote vulnerabilities have been discovered in the Iceweasel web browser, an unbranded version of the Firefox browser. The Common Vulnerabilities and Exposures project identifies the security flaws. "moz_bug_r_a4" discovered that a regression in the handling of "about:blank" windows used by addons may lead to an attacker being able to modify the content of web sites.
    - --------------------------------------------------------------------------
    Debian Security Advisory DSA 1344-1                    This email address is being protected from spambots. You need JavaScript enabled to view it.
    http://www.debian.org/security/                         Moritz Muehlenhoff
    August 3rd, 2007                        http://www.debian.org/security/faq
    - --------------------------------------------------------------------------
    
    Package        : iceweasel
    Vulnerability  : several
    Problem-Type   : remote
    Debian-specific: no
    CVE ID         : CVE-2007-3844 CVE-2007-3845
    
    Several remote vulnerabilities have been discovered in the Iceweasel web
    browser, an unbranded version of the Firefox browser. The Common 
    Vulnerabilities and Exposures project identifies the following problems:
    
    CVE-2007-3844
    
        "moz_bug_r_a4" discovered that a regression in the handling of
        "about:blank" windows used by addons may lead to an attacker being
        able to modify the content of web sites.
    
    CVE-2007-3845
    
        Jesper Johansson discovered that missing sanitising of double-quotes
        and spaces in URIs passed to external programs may allow an attacker
        to pass arbitrary arguments to the helper program if the user is
        tricked into opening a malformed web page.
    
    The Mozilla products in the oldstable distribution (sarge) are no longer
    supported with with security updates.
    
    For the stable distribution (etch) these problems have been fixed in version
    2.0.0.6-0etch1.
    
    For the unstable distribution (sid) these problems have been fixed in version
    2.0.0.6-1.
    
    We recommend that you upgrade your iceweasel packages.
    
    
    Upgrade Instructions
    - --------------------
    
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    
    
    Debian GNU/Linux 4.0 alias etch
    - -------------------------------
    
      Source archives:
    
        http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.6-0etch1.dsc
          Size/MD5 checksum:     1286 6c5645d987f92f3ca740f6f8b32e629e
        http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.6-0etch1.diff.gz
          Size/MD5 checksum:   185637 9eec31b6ee5e26f7ab5c821276c7b07f
        http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.6.orig.tar.gz
          Size/MD5 checksum: 43921246 7926906f722ce63f1dc265584d4eedbb
    
      Architecture independent components:
    
        http://security.debian.org/pool/updates/main/i/iceweasel/firefox-dom-inspector_2.0.0.6-0etch1_all.deb
          Size/MD5 checksum:    53778 2ad158343a2ca999ad67c1e887e0f9a4
        http://security.debian.org/pool/updates/main/i/iceweasel/firefox-gnome-support_2.0.0.6-0etch1_all.deb
          Size/MD5 checksum:    53742 864665a331bb50b7f0b3e4710712fd4b
        http://security.debian.org/pool/updates/main/i/iceweasel/firefox_2.0.0.6-0etch1_all.deb
          Size/MD5 checksum:    53898 ab7dc7ed35b05c831a6a85c5c9bbd089
        http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dom-inspector_2.0.0.6-0etch1_all.deb
          Size/MD5 checksum:   235008 9794664bc04f4fdf58dc495c08e963f0
        http://security.debian.org/pool/updates/main/i/iceweasel/mozilla-firefox-dom-inspector_2.0.0.6-0etch1_all.deb
          Size/MD5 checksum:    53624 70bd9857cefdb0201189dfbc5195c374
        http://security.debian.org/pool/updates/main/i/iceweasel/mozilla-firefox-gnome-support_2.0.0.6-0etch1_all.deb
          Size/MD5 checksum:    53622 8a69ff7e8a0188ff7a3b49cd675c67c2
        http://security.debian.org/pool/updates/main/i/iceweasel/mozilla-firefox_2.0.0.6-0etch1_all.deb
          Size/MD5 checksum:    54420 91dcdf7f9efd927051f9c264a32ab53e
    
      Alpha architecture:
    
        http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.6-0etch1_alpha.deb
          Size/MD5 checksum: 11544126 14bcc2e02395e3110ec923e2f41b3e29
        http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.6-0etch1_alpha.deb
          Size/MD5 checksum: 51004986 50d1abe0929c6ac00da6f6e8a16a9b6a
        http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.6-0etch1_alpha.deb
          Size/MD5 checksum:    90654 0f46e4bda500f82cccda7fbc0df2fea6
    
      AMD64 architecture:
    
        http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.6-0etch1_amd64.deb
          Size/MD5 checksum: 10111134 0ca8d2dc23e248d6768ff964e036b804
        http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.6-0etch1_amd64.deb
          Size/MD5 checksum: 49984960 b271726a43c4bb31a6bfccec43281635
        http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.6-0etch1_amd64.deb
          Size/MD5 checksum:    87532 e4efccda84573a4365aaa3a3e1ccb624
    
      ARM architecture:
    
        http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.6-0etch1_arm.deb
          Size/MD5 checksum:  9157128 23228833df46ff483b3e3fce84b5bf33
        http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.6-0etch1_arm.deb
          Size/MD5 checksum: 49095538 dab2c26a8bdc39f50bd111e1cc7d7390
        http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.6-0etch1_arm.deb
          Size/MD5 checksum:    80964 813eb6eaaffd5b692f7ddbfc47041bf5
    
      HP Precision architecture:
    
        http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.6-0etch1_hppa.deb
          Size/MD5 checksum: 11014234 a18629f4efc11a6d4ecd89fe84515f53
        http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.6-0etch1_hppa.deb
          Size/MD5 checksum: 50373572 5a15829f2665f64443836009ea21063b
        http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.6-0etch1_hppa.deb
          Size/MD5 checksum:    89036 34d450b917e57b5ca585468d2613dc0f
    
      Intel IA-32 architecture:
    
        http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.6-0etch1_i386.deb
          Size/MD5 checksum:  9083732 772d097f5b7092e6c6a69e6641a5934a
        http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.6-0etch1_i386.deb
          Size/MD5 checksum: 49398796 77d7a1a636b9887249169b2eb6003b94
        http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.6-0etch1_i386.deb
          Size/MD5 checksum:    81472 0d626e54ef0e4478cccda71c5f9b110b
    
      Intel IA-64 architecture:
    
        http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.6-0etch1_ia64.deb
          Size/MD5 checksum: 14098356 6414baef68a590e028d253b6840cd6d2
        http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.6-0etch1_ia64.deb
          Size/MD5 checksum: 50343230 8f27cfd66eba3d9058d03b75c59a214d
        http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.6-0etch1_ia64.deb
          Size/MD5 checksum:    99828 58778a84d9d4c059d9e829d009ff54f6
    
      Little endian MIPS architecture:
    
        http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.6-0etch1_mipsel.deb
          Size/MD5 checksum: 10723240 238e11b88a30a2f861b214bb91ed2904
        http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.6-0etch1_mipsel.deb
          Size/MD5 checksum: 52347770 1c81b1075719d0615a0ca1d7130baae8
        http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.6-0etch1_mipsel.deb
          Size/MD5 checksum:    82638 c266fa51db7e2477d0032491025e29e0
    
      PowerPC architecture:
    
        http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.6-0etch1_powerpc.deb
          Size/MD5 checksum:  9898412 522fd840d7027f697e323566648c3131
        http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.6-0etch1_powerpc.deb
          Size/MD5 checksum: 51798476 0c268ca194a1c9fe1013f1adc4e6614b
        http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.6-0etch1_powerpc.deb
          Size/MD5 checksum:    83174 5d812a2ad6841945fe2ee3da76215301
    
      IBM S/390 architecture:
    
        http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.6-0etch1_s390.deb
          Size/MD5 checksum: 10320458 5674ea90f298ba4a06a7eb408a25ad12
        http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.6-0etch1_s390.deb
          Size/MD5 checksum: 50666870 bd4cb8f829573bcb5d4958593dec9b8c
        http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.6-0etch1_s390.deb
          Size/MD5 checksum:    87550 6c2e27336d1b6ce1ec53d42ac419a38b
    
      Sun Sparc architecture:
    
        http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.6-0etch1_sparc.deb
          Size/MD5 checksum:  9107982 cecf07a2546c06069e32d4b5af35bfae
        http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.6-0etch1_sparc.deb
          Size/MD5 checksum: 49010048 898a9bd9a7e17e7b4bd055c485180389
        http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.6-0etch1_sparc.deb
          Size/MD5 checksum:    81330 25467c48b6f67b16c7f035a6f335a7d5
    
    
      These files will probably be moved into the stable distribution on
      its next update.
    
    - ---------------------------------------------------------------------------------
    For apt-get: deb http://security.debian.org/ stable/updates main
    For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
    Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.
    
    You are not authorised to post comments.

    Comments powered by CComment

    LinuxSecurity Poll

    What do you think of the articles on LinuxSecurity?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/24-what-do-you-think-of-the-quality-of-the-articles-on-linuxsecurity?task=poll.vote&format=json
    24
    radio
    [{"id":"87","title":"Excellent, don't change a thing!","votes":"4","type":"x","order":"1","pct":57.14,"resources":[]},{"id":"88","title":"Should be more technical","votes":"2","type":"x","order":"2","pct":28.57,"resources":[]},{"id":"89","title":"Should include more HOWTOs","votes":"1","type":"x","order":"3","pct":14.29,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.