Detections
Analytics
Debian DSA-2341-1 : iceweasel - several vulnerabilities
high Nessus Plugin ID 56759
Language:
Synopsis
The remote Debian host is missing a security-related update.Description
Several vulnerabilities have been discovered in Iceweasel, a web browser based on Firefox. The included XULRunner library provides rendering services for several other applications included in Debian.- CVE-2011-3647 'moz_bug_r_a4' discovered a privilege escalation vulnerability in addon handling.
- CVE-2011-3648 Yosuke Hasegawa discovered that incorrect handling of Shift-JIS encodings could lead to cross-site scripting.
- CVE-2011-3650 Marc Schoenefeld discovered that profiling the JavaScript code could lead to memory corruption.
Solution
Upgrade the iceweasel packages.For the oldstable distribution (lenny), this problem has been fixed in version 1.9.0.19-15 of the xulrunner source package.
For the stable distribution (squeeze), this problem has been fixed in version 3.5.16-11.
See Also
https://security-tracker.debian.org/tracker/CVE-2011-3647
https://security-tracker.debian.org/tracker/CVE-2011-3648
https://security-tracker.debian.org/tracker/CVE-2011-3650
Plugin Details
Severity: High
ID: 56759
File Name: debian_DSA-2341.nasl
Version: 1.16
Type: local
Agent: unix
Family: Debian Local Security Checks
Published: 11/10/2011
Updated: 1/11/2021
Supported Sensors: Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 5.9
CVSS v2
Risk Factor: High
Base Score: 9.3
Temporal Score: 6.9
Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C
Vulnerability Information
CPE: p-cpe:/a:debian:debian_linux:iceweasel, cpe:/o:debian:debian_linux:5.0, cpe:/o:debian:debian_linux:6.0
Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l
Exploit Ease: No known exploits are available
Patch Publication Date: 11/9/2011
Reference Information
CVE: CVE-2011-3647, CVE-2011-3648, CVE-2011-3650
DSA: 2341