Debian: New iceweasel packages fix several vulnerabilities

    Date: 23 Jul 2007
    Category: Debian
    Posted By: LinuxSecurity Advisories
    Several remote vulnerabilities have been discovered in the Iceweasel web browser, an unbranded version of the Firefox browser. The Common Vulnerabilities and Exposures project identifies the following flaws. Ronen Zilberman and Michal Zalewski discovered that a timing race allows the injection of content into about:blank frames.
    --------------------------------------------------------------------------
    Debian Security Advisory DSA 1338-1
    http://www.debian.org/security/                         Moritz Muehlenhoff
    July 23rd, 2007                         http://www.debian.org/security/faq
    --------------------------------------------------------------------------
    
    Package        : iceweasel
    Vulnerability  : several
    Problem-Type   : remote
    Debian-specific: no
    CVE ID         : CVE-2007-3089 CVE-2007-3656 CVE-2007-3734 CVE-2007-3735 CVE-2007-3736 CVE-2007-3737 CVE-2007-3738
    
    Several remote vulnerabilities have been discovered in the Iceweasel web
    browser, an unbranded version of the Firefox browser. The Common 
    Vulnerabilities and Exposures project identifies the following problems:
    
    CVE-2007-3089
    
        Ronen Zilberman and Michal Zalewski discovered that a timing race
        allows the injection of content into about:blank frames.
    
    CVE-2007-3656
    
        Michal Zalewski discovered that same-origin policies for wyciwyg://
        documents are insufficiently enforced.
    
    CVE-2007-3734
    
        Bernd Mielke, Boris Zbarsky, David Baron, Daniel Veditz, Jesse Ruderman,
        Lukas Loehrer, Martijn Wargers, Mats Palmgren, Olli Pettay, Paul
        Nickerson, and Vladimir Sukhoy discovered crashes in the layout engine,
        which might allow the execution of arbitrary code.
    
    CVE-2007-3735
    
        Asaf Romano, Jesse Ruderman and Igor Bukanov discovered crashes in the
        JavaScript engine, which might allow the execution of arbitrary code.
    
    CVE-2007-3736
    
        "moz_bug_r_a4" discovered that the addEventListener() and setTimeout()
        functions allow cross-site scripting.
    
    CVE-2007-3737
    
        "moz_bug_r_a4" discovered that a programming error in event handling
        allows privilege escalation.
    
    CVE-2007-3738
    
        "shutdown" and "moz_bug_r_a4" discovered that the XPCNativeWrapper allows
        the execution of arbitrary code.
    
    The Mozilla products in the oldstable distribution (sarge) are no longer
    supported with security updates. You're strongly encouraged to upgrade to
    stable as soon as possible.
    
    For the stable distribution (etch) these problems have been fixed in version
    2.0.0.5-0etch1. Builds for alpha and mips are not yet available; they will
    be provided later.
    
    For the unstable distribution (sid) these problems have been fixed in version
    2.0.0.5-1.
    
    We recommend that you upgrade your iceweasel packages.
    
    
    Upgrade Instructions
    --------------------
    
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    
    
    Debian GNU/Linux 4.0 alias etch
    -------------------------------
    
      These files will probably be moved into the stable distribution on
      its next update.
    
    ---------------------------------------------------------------------------------
    For apt-get: deb http://security.debian.org/ stable/updates main
    For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
    