Debian DSA-1649-1 : iceweasel - several vulnerabilities

Critical Nessus Plugin ID 34371

Synopsis

The remote Debian host is missing a security-related update.

Description

Several remote vulnerabilities have been discovered in the Iceweasel web browser, an unbranded version of the Firefox browser. The Common Vulnerabilities and Exposures project identifies the following problems :

- CVE-2008-0016 Justin Schuh, Tom Cross and Peter Williams discovered a buffer overflow in the parser for UTF-8 URLs, which may lead to the execution of arbitrary code.

- CVE-2008-3835 'moz_bug_r_a4' discovered that the same-origin check in nsXMLDocument::OnChannelRedirect() could by bypassed.

- CVE-2008-3836 'moz_bug_r_a4' discovered that several vulnerabilities in feedWriter could lead to Chrome privilege escalation.

- CVE-2008-3837 Paul Nickerson discovered that an attacker could move windows during a mouse click, resulting in unwanted action triggered by drag-and-drop.

- CVE-2008-4058 'moz_bug_r_a4' discovered a vulnerability which can result in Chrome privilege escalation through XPCNativeWrappers.

- CVE-2008-4059 'moz_bug_r_a4' discovered a vulnerability which can result in Chrome privilege escalation through XPCNativeWrappers.

- CVE-2008-4060 Olli Pettay and 'moz_bug_r_a4' discovered a Chrome privilege escalation vulnerability in XSLT handling.

- CVE-2008-4061 Jesse Ruderman discovered a crash in the layout engine, which might allow the execution of arbitrary code.

- CVE-2008-4062 Igor Bukanov, Philip Taylor, Georgi Guninski and Antoine Labour discovered crashes in the JavaScript engine, which might allow the execution of arbitrary code.

- CVE-2008-4065 Dave Reed discovered that some Unicode byte order marks are stripped from JavaScript code before execution, which can result in code being executed, which were otherwise part of a quoted string.

- CVE-2008-4066 Gareth Heyes discovered that some Unicode surrogate characters are ignored by the HTML parser.

- CVE-2008-4067 Boris Zbarsky discovered that resource: URLs allow directory traversal when using URL-encoded slashes.

- CVE-2008-4068 Georgi Guninski discovered that resource: URLs could bypass local access restrictions.

- CVE-2008-4069 Billy Hoffman discovered that the XBM decoder could reveal uninitialised memory.

Solution

Upgrade the iceweasel packages.

For the stable distribution (etch), these problems have been fixed in version 2.0.0.17-0etch1. Packages for hppa will be provided later.

See Also

https://security-tracker.debian.org/tracker/CVE-2008-0016

https://security-tracker.debian.org/tracker/CVE-2008-3835

https://security-tracker.debian.org/tracker/CVE-2008-3836

https://security-tracker.debian.org/tracker/CVE-2008-3837

https://security-tracker.debian.org/tracker/CVE-2008-4058

https://security-tracker.debian.org/tracker/CVE-2008-4059

https://security-tracker.debian.org/tracker/CVE-2008-4060

https://security-tracker.debian.org/tracker/CVE-2008-4061

https://security-tracker.debian.org/tracker/CVE-2008-4062

https://security-tracker.debian.org/tracker/CVE-2008-4065

https://security-tracker.debian.org/tracker/CVE-2008-4066

https://security-tracker.debian.org/tracker/CVE-2008-4067

https://security-tracker.debian.org/tracker/CVE-2008-4068

https://security-tracker.debian.org/tracker/CVE-2008-4069

https://www.debian.org/security/2008/dsa-1649

Plugin Details

Severity: Critical

ID: 34371

File Name: debian_DSA-1649.nasl

Version: 1.16

Type: local

Agent: unix

Published: 2008/10/09

Updated: 2019/08/02

Dependencies: 12634

Risk Information

Risk Factor: Critical

CVSS v2.0

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:debian:debian_linux:iceweasel, cpe:/o:debian:debian_linux:4.0

Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2008/10/08

Exploitable With

CANVAS (CANVAS)

Core Impact

Reference Information

CVE: CVE-2008-0016, CVE-2008-3835, CVE-2008-3836, CVE-2008-3837, CVE-2008-4058, CVE-2008-4059, CVE-2008-4060, CVE-2008-4061, CVE-2008-4062, CVE-2008-4065, CVE-2008-4066, CVE-2008-4067, CVE-2008-4068, CVE-2008-4069

DSA: 1649

CWE: 22, 79, 119, 189, 200, 264, 399