Articles / Debian: New iceweasel packa…

Debian: New iceweasel packages fix several vulnerabilities

Several remote vulnerabilities have been discovered in the Iceweasel web browser, an unbranded version of the Firefox browser. Jesse Ruderman and Petko D. Petkov discovered that the URI handler for JAR archives allows cross-site scripting. Several crashes in the layout engine were discovered, which might allow the execution of arbitrary code. Gregory Fleischer discovered a race condition in the handling of the "window.location" property, which might lead to cross-site request forgery. Fixed packages are available from security.debian.org.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
Debian Security Advisory DSA-1424-1                  security@debian.org
http://www.debian.org/security/                       Moritz Muehlenhoff
December 08, 2007                     http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package        : iceweasel
Vulnerability  : several
Problem-Type   : remote
Debian-specific: no
CVE ID         : CVE-2007-5947 CVE-2007-5959 CVE-2007-5960

Several remote vulnerabilities have been discovered in the Iceweasel web
browser, an unbranded version of the Firefox browser. The Common
Vulnerabilities and Exposures project identifies the following problems:

CVE-2007-5947

   Jesse Ruderman and Petko D. Petkov discovered that the URI handler
   for JAR archives allows cross-site scripting.

CVE-2007-5959

   Several crashes in the layout engine were discovered, which might
   allow the execution of arbitrary code.

CVE-2007-5960

   Gregory Fleischer discovered a race condition in the handling of
   the "window.location" property, which might lead to cross-site
   request forgery.

The Mozilla products in the oldstable distribution (sarge) are no longer
supported with with security updates.

For the stable distribution (etch) these problems have been fixed in
version 2.0.0.10-0etch1.

For the unstable distribution (sid) these problems have been fixed in
version 2.0.0.10-2.

We recommend that you upgrade your iceweasel packages.


Upgrade instructions
- --------------------

wget url
       will fetch the file for you
dpkg -i file.deb
       will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
       will update the internal database
apt-get upgrade
       will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian 4.0 (stable)
- -------------------

Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.

Source archives:

 http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.10-0etch1.dsc
   Size/MD5 checksum:     1289 30031e99f0594521e649eb8f7f080a54
 http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.10.orig.tar.gz
   Size/MD5 checksum: 43505088 f016638930a16c0a44fb0b13b6804f99
 http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.10-0etch1.diff.gz
   Size/MD5 checksum:   186288 75492d134ad78c2a3f8c7a3f851d0e6c

Architecture independent packages:

 http://security.debian.org/pool/updates/main/i/iceweasel/mozilla-firefox_2.0.0.10-0etch1_all.deb
   Size/MD5 checksum:    54716 09cee6268a092b9300beb2bd1ea7bf67
 http://security.debian.org/pool/updates/main/i/iceweasel/firefox-gnome-support_2.0.0.10-0etch1_all.deb
   Size/MD5 checksum:    54044 ceeb90ee28309be4785fac53f659d21d
 http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dom-inspector_2.0.0.10-0etch1_all.deb
   Size/MD5 checksum:   239252 b5e1932561074d83a32df5c8dab3f4d8
 http://security.debian.org/pool/updates/main/i/iceweasel/firefox_2.0.0.10-0etch1_all.deb
   Size/MD5 checksum:    54186 6fca16650d5396c091e9967330e77c29
 http://security.debian.org/pool/updates/main/i/iceweasel/firefox-dom-inspector_2.0.0.10-0etch1_all.deb
   Size/MD5 checksum:    54076 d6efb7f19184d30db9368338bcf991b5
 http://security.debian.org/pool/updates/main/i/iceweasel/mozilla-firefox-dom-inspector_2.0.0.10-0etch1_all.deb
   Size/MD5 checksum:    53928 b7c1913d0c2ca87d7ea83b03c0d327c2
 http://security.debian.org/pool/updates/main/i/iceweasel/mozilla-firefox-gnome-support_2.0.0.10-0etch1_all.deb
   Size/MD5 checksum:    53924 d8b3b367ad11122ce45cd52bb051f04f

alpha architecture (DEC Alpha)

 http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.10-0etch1_alpha.deb
   Size/MD5 checksum: 11550394 d1d26a5c528540230f52ff10ac3ae23e
 http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.10-0etch1_alpha.deb
   Size/MD5 checksum: 51052142 620c82916d4b66a6ee76b87366182089
 http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.10-0etch1_alpha.deb
   Size/MD5 checksum:    90822 9ac379fc0c601cc8511371201b996698

amd64 architecture (AMD x86_64 (AMD64))

 http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.10-0etch1_amd64.deb
   Size/MD5 checksum:    87490 60f83326a7f344fe9834ae3fe8895b62
 http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.10-0etch1_amd64.deb
   Size/MD5 checksum: 50039638 dabf8ef7580b504a3d196a05636ef088
 http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.10-0etch1_amd64.deb
   Size/MD5 checksum: 10176298 9119f38cd1ad2f82c431591bf804dc6b

arm architecture (ARM)

 http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.10-0etch1_arm.deb
   Size/MD5 checksum:  9228834 e86cffc61612357818ec294a74eabbfa
 http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.10-0etch1_arm.deb
   Size/MD5 checksum: 49133114 c0e2eb6a0cd133de08bee88f3075f40d
 http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.10-0etch1_arm.deb
   Size/MD5 checksum:    81260 df61a86635f53be26c54b5f73a1d66fc

hppa architecture (HP PA RISC)

 http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.10-0etch1_hppa.deb
   Size/MD5 checksum: 50405944 622c595550e18d27967eeaef510aceb5
 http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.10-0etch1_hppa.deb
   Size/MD5 checksum:    89206 297ff408640ea7bf6e4054bfef8448b8
 http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.10-0etch1_hppa.deb
   Size/MD5 checksum: 11025794 465902271fe5791631821748964e2b62

i386 architecture (Intel ia32)

 http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.10-0etch1_i386.deb
   Size/MD5 checksum:  9091212 0fa199d8de98cfca49325210ed823a6c
 http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.10-0etch1_i386.deb
   Size/MD5 checksum:    81600 3792ff6da7de4bbcb16470038f10c4a8
 http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.10-0etch1_i386.deb
   Size/MD5 checksum: 49430176 7d0466681bab9f40177451b6b1a415df

ia64 architecture (Intel ia64)

 http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.10-0etch1_ia64.deb
   Size/MD5 checksum: 14109280 4e2df466b3317d4b7da74056ccd33cf4
 http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.10-0etch1_ia64.deb
   Size/MD5 checksum: 50384210 cf73c1a8856bc596b59963179ad68c76
 http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.10-0etch1_ia64.deb
   Size/MD5 checksum:    99796 8183b0bba38858221714bcc64e6b1b96

mips architecture (MIPS (Big Endian))

 http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.10-0etch1_mips.deb
   Size/MD5 checksum: 53825892 6ae638d0442622e981ed0bb739480465
 http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.10-0etch1_mips.deb
   Size/MD5 checksum:    82922 1a07be11a79484b9eed232451979cd5f
 http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.10-0etch1_mips.deb
   Size/MD5 checksum: 10954574 5f794b588d1d987ab39a241a45e380d8

mipsel architecture (MIPS (Little Endian))

 http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.10-0etch1_mipsel.deb
   Size/MD5 checksum: 52384634 3fc9ee7c2b49bbdce775222bf7a0b5cb
 http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.10-0etch1_mipsel.deb
   Size/MD5 checksum: 10732344 812e9ba923390aeb276f905a149a1447
 http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.10-0etch1_mipsel.deb
   Size/MD5 checksum:    82762 41f283d3cc7c14f11bd1012da2d03fd3

powerpc architecture (PowerPC)

 http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.10-0etch1_powerpc.deb
   Size/MD5 checksum:    83326 f3dbf30a7aa86ac64a1a586b9861bfd4
 http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.10-0etch1_powerpc.deb
   Size/MD5 checksum: 51838412 551d3a0549c7f6a633a2c44305464869
 http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.10-0etch1_powerpc.deb
   Size/MD5 checksum:  9911966 6dd5f24d2b19b60e5193cc3a4a7f6fa4

s390 architecture (IBM S/390)

 http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.10-0etch1_s390.deb
   Size/MD5 checksum: 50714116 5c137d63563275f256e62b4267f1783f
 http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.10-0etch1_s390.deb
   Size/MD5 checksum: 10333216 35b0ad810916603417fe10344013b5ab
 http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.10-0etch1_s390.deb
   Size/MD5 checksum:    87698 596716a1ceb5243820b4c644831cb4ad

sparc architecture (Sun SPARC/UltraSPARC)

 http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.10-0etch1_sparc.deb
   Size/MD5 checksum: 49052450 bcefe06c2296cfd190364b3eff4e0d5c
 http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.10-0etch1_sparc.deb
   Size/MD5 checksum:    81434 34e0345eb0430e59ad057bb0efcb98c5
 http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.10-0etch1_sparc.deb
   Size/MD5 checksum:  9119000 1d5327c89d681fcbc7e8b80eaeab3834


 These files will probably be moved into the stable distribution on
 its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show ' and http://packages.debian.org/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFHWoCuXm3vHE4uyloRAjF8AKClHL5xs2Z2ChgU/uVTuSpO8an2aACghec/
AuYsyM9+sPUtfBLlScwWowk=
=Vx23
-----END PGP SIGNATURE-----

Screenshot

Project Spotlight

Kigo Video Converter Ultimate for Mac

A tool for converting and editing videos.

Screenshot

Project Spotlight

Kid3

An efficient tagger for MP3, Ogg/Vorbis, and FLAC files.