
Debian 4.0: DSA-1649-1 Severe: Iceweasel Remote Threats Addressed

October 8, 2008
Crucial security patch released for Iceweasel browser, fixing various remote vulnerabilities. Immediate upgrade advised for user safety.
Several remote vulnerabilities have been discovered in the Iceweasel web browser, an unbranded version of the Firefox browser.

Summary


Justin Schuh, Tom Cross and Peter Williams discovered a buffer
overflow in the parser for UTF-8 URLs, which may lead to the
execution of arbitrary code.

CVE-2008-3835

"moz_bug_r_a4" discovered that the same-origin check in
nsXMLDocument::OnChannelRedirect() could be bypassed.

CVE-2008-3836

"moz_bug_r_a4" discovered that several vulnerabilities in
feedWriter could lead to Chrome privilege escalation.

CVE-2008-3837

Paul Nickerson discovered that an attacker could move windows
during a mouse click, resulting in unwanted action triggered by
drag-and-drop.

CVE-2008-4058

"moz_bug_r_a4" discovered a vulnerability which can result in
Chrome privilege escalation through XPCNativeWrappers.

CVE-2008-4059

"moz_bug_r_a4" discovered a vulnerability which can result in
Chrome privilege escalation through XPCNativeWrappers.

CVE-2008-4060

Olli Pettay and "moz_bug_r_a4" discovered a Chrome privilege
escalation vulnerability in XSLT handling.

...


Severity
important
