Debian: New iceweasel packages fix several vulnerabilities

    Date: 08 Dec 2007
    Category: Debian
    Posted By: LinuxSecurity Advisories
    Several remote vulnerabilities have been discovered in the Iceweasel web browser, an unbranded version of the Firefox browser. Jesse Ruderman and Petko D. Petkov discovered that the URI handler for JAR archives allows cross-site scripting.
    ------------------------------------------------------------------------
    Debian Security Advisory DSA-1424-1
    http://www.debian.org/security/                       Moritz Muehlenhoff
    December 08, 2007                     http://www.debian.org/security/faq
    ------------------------------------------------------------------------
    
    Package        : iceweasel
    Vulnerability  : several
    Problem-Type   : remote
    Debian-specific: no
    CVE ID         : CVE-2007-5947 CVE-2007-5959 CVE-2007-5960
    
    Several remote vulnerabilities have been discovered in the Iceweasel web
    browser, an unbranded version of the Firefox browser. The Common
    Vulnerabilities and Exposures project identifies the following problems:
    
    CVE-2007-5947
    
        Jesse Ruderman and Petko D. Petkov discovered that the URI handler
        for JAR archives allows cross-site scripting.
    
    CVE-2007-5959
    
        Several crashes in the layout engine were discovered, which might
        allow the execution of arbitrary code.
    
    CVE-2007-5960
    
        Gregory Fleischer discovered a race condition in the handling of
        the "window.location" property, which might lead to cross-site
        request forgery.
    
    The Mozilla products in the oldstable distribution (sarge) are no longer
    supported with security updates.
    
    For the stable distribution (etch) these problems have been fixed in
    version 2.0.0.10-0etch1.
    
    For the unstable distribution (sid) these problems have been fixed in
    version 2.0.0.10-2.
    
    We recommend that you upgrade your iceweasel packages.
    
    
    Upgrade instructions
    --------------------
    
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    
    
    Debian 4.0 (stable)
    -------------------
    
    Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
    
    Source archives:
    
      http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.10-0etch1.dsc
        Size/MD5 checksum:     1289 30031e99f0594521e649eb8f7f080a54
      http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.10.orig.tar.gz
        Size/MD5 checksum: 43505088 f016638930a16c0a44fb0b13b6804f99
      http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.10-0etch1.diff.gz
        Size/MD5 checksum:   186288 75492d134ad78c2a3f8c7a3f851d0e6c
    
    Architecture independent packages:
    
      http://security.debian.org/pool/updates/main/i/iceweasel/mozilla-firefox_2.0.0.10-0etch1_all.deb
        Size/MD5 checksum:    54716 09cee6268a092b9300beb2bd1ea7bf67
      http://security.debian.org/pool/updates/main/i/iceweasel/firefox-gnome-support_2.0.0.10-0etch1_all.deb
        Size/MD5 checksum:    54044 ceeb90ee28309be4785fac53f659d21d
      http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dom-inspector_2.0.0.10-0etch1_all.deb
        Size/MD5 checksum:   239252 b5e1932561074d83a32df5c8dab3f4d8
      http://security.debian.org/pool/updates/main/i/iceweasel/firefox_2.0.0.10-0etch1_all.deb
        Size/MD5 checksum:    54186 6fca16650d5396c091e9967330e77c29
      http://security.debian.org/pool/updates/main/i/iceweasel/firefox-dom-inspector_2.0.0.10-0etch1_all.deb
        Size/MD5 checksum:    54076 d6efb7f19184d30db9368338bcf991b5
      http://security.debian.org/pool/updates/main/i/iceweasel/mozilla-firefox-dom-inspector_2.0.0.10-0etch1_all.deb
        Size/MD5 checksum:    53928 b7c1913d0c2ca87d7ea83b03c0d327c2
      http://security.debian.org/pool/updates/main/i/iceweasel/mozilla-firefox-gnome-support_2.0.0.10-0etch1_all.deb
        Size/MD5 checksum:    53924 d8b3b367ad11122ce45cd52bb051f04f
    
    alpha architecture (DEC Alpha)
    
      http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.10-0etch1_alpha.deb
        Size/MD5 checksum: 11550394 d1d26a5c528540230f52ff10ac3ae23e
      http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.10-0etch1_alpha.deb
        Size/MD5 checksum: 51052142 620c82916d4b66a6ee76b87366182089
      http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.10-0etch1_alpha.deb
        Size/MD5 checksum:    90822 9ac379fc0c601cc8511371201b996698
    
    amd64 architecture (AMD x86_64 (AMD64))
    
      http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.10-0etch1_amd64.deb
        Size/MD5 checksum:    87490 60f83326a7f344fe9834ae3fe8895b62
      http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.10-0etch1_amd64.deb
        Size/MD5 checksum: 50039638 dabf8ef7580b504a3d196a05636ef088
      http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.10-0etch1_amd64.deb
        Size/MD5 checksum: 10176298 9119f38cd1ad2f82c431591bf804dc6b
    
    arm architecture (ARM)
    
      http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.10-0etch1_arm.deb
        Size/MD5 checksum:  9228834 e86cffc61612357818ec294a74eabbfa
      http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.10-0etch1_arm.deb
        Size/MD5 checksum: 49133114 c0e2eb6a0cd133de08bee88f3075f40d
      http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.10-0etch1_arm.deb
        Size/MD5 checksum:    81260 df61a86635f53be26c54b5f73a1d66fc
    
    hppa architecture (HP PA RISC)
    
      http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.10-0etch1_hppa.deb
        Size/MD5 checksum: 50405944 622c595550e18d27967eeaef510aceb5
      http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.10-0etch1_hppa.deb
        Size/MD5 checksum:    89206 297ff408640ea7bf6e4054bfef8448b8
      http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.10-0etch1_hppa.deb
        Size/MD5 checksum: 11025794 465902271fe5791631821748964e2b62
    
    i386 architecture (Intel ia32)
    
      http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.10-0etch1_i386.deb
        Size/MD5 checksum:  9091212 0fa199d8de98cfca49325210ed823a6c
      http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.10-0etch1_i386.deb
        Size/MD5 checksum:    81600 3792ff6da7de4bbcb16470038f10c4a8
      http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.10-0etch1_i386.deb
        Size/MD5 checksum: 49430176 7d0466681bab9f40177451b6b1a415df
    
    ia64 architecture (Intel ia64)
    
      http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.10-0etch1_ia64.deb
        Size/MD5 checksum: 14109280 4e2df466b3317d4b7da74056ccd33cf4
      http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.10-0etch1_ia64.deb
        Size/MD5 checksum: 50384210 cf73c1a8856bc596b59963179ad68c76
      http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.10-0etch1_ia64.deb
        Size/MD5 checksum:    99796 8183b0bba38858221714bcc64e6b1b96
    
    mips architecture (MIPS (Big Endian))
    
      http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.10-0etch1_mips.deb
        Size/MD5 checksum: 53825892 6ae638d0442622e981ed0bb739480465
      http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.10-0etch1_mips.deb
        Size/MD5 checksum:    82922 1a07be11a79484b9eed232451979cd5f
      http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.10-0etch1_mips.deb
        Size/MD5 checksum: 10954574 5f794b588d1d987ab39a241a45e380d8
    
    mipsel architecture (MIPS (Little Endian))
    
      http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.10-0etch1_mipsel.deb
        Size/MD5 checksum: 52384634 3fc9ee7c2b49bbdce775222bf7a0b5cb
      http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.10-0etch1_mipsel.deb
        Size/MD5 checksum: 10732344 812e9ba923390aeb276f905a149a1447
      http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.10-0etch1_mipsel.deb
        Size/MD5 checksum:    82762 41f283d3cc7c14f11bd1012da2d03fd3
    
    powerpc architecture (PowerPC)
    
      http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.10-0etch1_powerpc.deb
        Size/MD5 checksum:    83326 f3dbf30a7aa86ac64a1a586b9861bfd4
      http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.10-0etch1_powerpc.deb
        Size/MD5 checksum: 51838412 551d3a0549c7f6a633a2c44305464869
      http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.10-0etch1_powerpc.deb
        Size/MD5 checksum:  9911966 6dd5f24d2b19b60e5193cc3a4a7f6fa4
    
    s390 architecture (IBM S/390)
    
      http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.10-0etch1_s390.deb
        Size/MD5 checksum: 50714116 5c137d63563275f256e62b4267f1783f
      http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.10-0etch1_s390.deb
        Size/MD5 checksum: 10333216 35b0ad810916603417fe10344013b5ab
      http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.10-0etch1_s390.deb
        Size/MD5 checksum:    87698 596716a1ceb5243820b4c644831cb4ad
    
    sparc architecture (Sun SPARC/UltraSPARC)
    
      http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.10-0etch1_sparc.deb
        Size/MD5 checksum: 49052450 bcefe06c2296cfd190364b3eff4e0d5c
      http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.10-0etch1_sparc.deb
        Size/MD5 checksum:    81434 34e0345eb0430e59ad057bb0efcb98c5
      http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.10-0etch1_sparc.deb
        Size/MD5 checksum:  9119000 1d5327c89d681fcbc7e8b80eaeab3834
    
    
      These files will probably be moved into the stable distribution on
      its next update.
    
    ---------------------------------------------------------------------------------
    For apt-get: deb http://security.debian.org/ stable/updates main
    For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main