Debian DSA-3457-1 : iceweasel - security update (SLOTH)
Critical Nessus Plugin ID 88426
SynopsisThe remote Debian host is missing a security-related update.
DescriptionMultiple security issues have been found in Iceweasel, Debian's version of the Mozilla Firefox web browser: Multiple memory safety errors and a buffer overflow may lead to the execution of arbitrary code. In addition the bundled NSS crypto library addresses the SLOTH attack on TLS 1.2.
SolutionUpgrade the iceweasel packages.
For the oldstable distribution (wheezy), these problems have been fixed in version 38.6.0esr-1~deb7u1.
For the stable distribution (jessie), these problems have been fixed in version 38.6.0esr-1~deb8u1.