Debian DSA-1614-1 : iceweasel - several vulnerabilities
High Nessus Plugin ID 33566
SynopsisThe remote Debian host is missing a security-related update.
DescriptionSeveral remote vulnerabilities have been discovered in the Iceweasel web browser, an unbranded version of the Firefox browser. The Common Vulnerabilities and Exposures project identifies the following problems :
- CVE-2008-2785 It was discovered that missing boundary checks on a reference counter for CSS objects can lead to the execution of arbitrary code.
- CVE-2008-2933 Billy Rios discovered that passing an URL containing a pipe symbol to Iceweasel can lead to Chrome privilege escalation.
SolutionUpgrade the iceweasel package.
For the stable distribution (etch), these problems have been fixed in version 18.104.22.168-0etch1. Updated packages for ia64, arm and mips are not yet available and will be released as soon as they have been built.