DSA-2341-1 iceweasel -- severalID: oval:org.secpod.oval:def:600691 | Date: (C)2012-01-30 (M)2024-04-17 |
Class: PATCH | Family: unix |
Several vulnerabilities have been discovered in Iceweasel, a web browser based on Firefox. The included XULRunner library provides rendering services for several other applications included in Debian. CVE-2011-3647 "moz_bug_r_a4" discovered a privilege escalation vulnerability in addon handling. CVE-2011-3648 Yosuke Hasegawa discovered that incorrect handling of Shift-JIS encodings could lead to cross-site scripting. CVE-2011-3650 Marc Schoenefeld discovered that profiling the Javascript code could lead to memory corruption.
Platform: |
Debian 5.0 |
Debian 6.0 |