Debian DSA-2296-1 : iceweasel - several vulnerabilities
Critical Nessus Plugin ID 55889
The remote Debian host is missing a security-related update.
Several vulnerabilities have been discovered in Iceweasel, a web browser based on Firefox. The included XULRunner library provides rendering services for several other applications included in Debian. - CVE-2011-0084 'regenrecht' discovered that incorrect pointer handling in the SVG processing code could lead to the execution of arbitrary code. - CVE-2011-2378 'regenrecht' discovered that incorrect memory management in DOM processing could lead to the execution of arbitrary code. - CVE-2011-2981 'moz_bug_r_a_4' discovered a Chrome privilege escalation vulnerability in the event handler code. - CVE-2011-2982 Gary Kwong, Igor Bukanov, Nils and Bob Clary discovered memory corruption bugs, which may lead to the execution of arbitrary code. - CVE-2011-2983 'shutdown' discovered an information leak in the handling of RegExp.input. - CVE-2011-2984 'moz_bug_r_a4' discovered a Chrome privilege escalation vulnerability.
Upgrade the iceweasel packages. For the oldstable distribution (lenny), this problem has been fixed in version 126.96.36.199-13 of the xulrunner source package. For the stable distribution (squeeze), this problem has been fixed in version 3.5.16-9.