DSA-3345-1 iceweasel -- iceweaselID: oval:org.secpod.oval:def:602215 | Date: (C)2015-09-03 (M)2023-12-07 |
Class: PATCH | Family: unix |
Multiple security issues have been found in Iceweasel, Debian"s version of the Mozilla Firefox web browser. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2015-4497 Jean-Max Reymond and Ucha Gobejishvili discovered a use-after-free vulnerability which occurs when resizing of a canvas element is triggered in concert with style changes. A web page containing malicious content can cause Iceweasel to crash, or potentially, execute arbitrary code with the privileges of the user running Iceweasel. CVE-2015-4498 Bas Venis reported a flaw in the handling of add-ons installation. A remote attacker can take advantage of this flaw to bypass the add-on installation prompt and trick a user into installing an add-on from a malicious source.
Platform: |
Debian 8.x |
Debian 7.x |