Debian Security Advisory
DSA-2342-1 iceape -- several vulnerabilities
- Date Reported:
- 09 Nov 2011
- Affected Packages:
- Security database references:
- In Mitre's CVE dictionary: CVE-2011-3647, CVE-2011-3648, CVE-2011-3650.
- More information:
Several vulnerabilities have been found in the Iceape internet suite, an unbranded version of Seamonkey:
moz_bug_r_a4discovered a privilege escalation vulnerability in addon handling.
Yosuke Hasegawa discovered that incorrect handling of Shift-JIS encodings could lead to cross-site scripting.
The oldstable distribution (lenny) is not affected. The iceape package only provides the XPCOM code.
For the stable distribution (squeeze), this problem has been fixed in version 2.0.11-9.
For the unstable distribution (sid), this problem has been fixed in version 2.0.14-9.
We recommend that you upgrade your iceape packages.