Debian Security Advisory
DSA-2341-1 iceweasel -- several vulnerabilities
- Date Reported:
- 09 Nov 2011
- Affected Packages:
- Security database references:
- In Mitre's CVE dictionary: CVE-2011-3647, CVE-2011-3648, CVE-2011-3650.
- More information:
Several vulnerabilities have been discovered in Iceweasel, a web browser based on Firefox. The included XULRunner library provides rendering services for several other applications included in Debian.
moz_bug_r_a4discovered a privilege escalation vulnerability in addon handling.
Yosuke Hasegawa discovered that incorrect handling of Shift-JIS encodings could lead to cross-site scripting.
For the oldstable distribution (lenny), this problem has been fixed in version 220.127.116.11-15 of the xulrunner source package.
For the stable distribution (squeeze), this problem has been fixed in version 3.5.16-11.
For the unstable distribution (sid), this problem has been fixed in version 8.0-1.
We recommend that you upgrade your iceweasel packages.