Test ID:	1.3.6.1.4.1.25623.1.0.61365
Category:	Debian Local Security Checks
Title:	Debian: Security Advisory (DSA-1614-1)
Summary:	The remote host is missing an update for the Debian 'iceweasel' package(s) announced via the DSA-1614-1 advisory.
Description:	Summary: The remote host is missing an update for the Debian 'iceweasel' package(s) announced via the DSA-1614-1 advisory. Vulnerability Insight: Several remote vulnerabilities have been discovered in the Iceweasel web browser, an unbranded version of the Firefox browser. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2008-2785 It was discovered that missing boundary checks on a reference counter for CSS objects can lead to the execution of arbitrary code. CVE-2008-2933 Billy Rios discovered that passing an URL containing a pipe symbol to Iceweasel can lead to Chrome privilege escalation. For the stable distribution (etch), these problems have been fixed in version 2.0.0.16-0etch1. Updated packages for ia64, arm and mips are not yet available and will be released as soon as they have been built. For the unstable distribution (sid), these problems have been fixed in xulrunner 1.9.0.1-1 and iceweasel 3.0.1-1. We recommend that you upgrade your iceweasel package. Affected Software/OS: 'iceweasel' package(s) on Debian 4. Solution: Please install the updated package(s). CVSS Score: 9.3 CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2008-2785 BugTraq ID: 29802 http://www.securityfocus.com/bid/29802 Bugtraq: 20080717 ZDI-08-044: Mozilla Firefox CSSValue Array Memory Corruption Vulnerability (Google Search) http://www.securityfocus.com/archive/1/494504/100/0/threaded Bugtraq: 20080729 rPSA-2008-0238-1 firefox (Google Search) http://www.securityfocus.com/archive/1/494860/100/0/threaded Debian Security Information: DSA-1614 (Google Search) http://www.debian.org/security/2008/dsa-1614 Debian Security Information: DSA-1615 (Google Search) http://www.debian.org/security/2008/dsa-1615 Debian Security Information: DSA-1621 (Google Search) http://www.debian.org/security/2008/dsa-1621 Debian Security Information: DSA-1697 (Google Search) http://www.debian.org/security/2009/dsa-1697 https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00667.html https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00672.html https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00144.html https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00125.html http://security.gentoo.org/glsa/glsa-200808-03.xml http://www.mandriva.com/security/advisories?name=MDVSA-2008:148 http://www.mandriva.com/security/advisories?name=MDVSA-2008:155 http://blog.mozilla.com/security/2008/06/18/new-security-issue-under-investigation/ http://dvlabs.tippingpoint.com/blog/2008/06/18/vulnerability-in-mozilla-firefox-30 http://www.zerodayinitiative.com/advisories/ZDI-08-044/ https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9900 http://www.redhat.com/support/errata/RHSA-2008-0597.html http://www.redhat.com/support/errata/RHSA-2008-0598.html http://www.redhat.com/support/errata/RHSA-2008-0599.html RedHat Security Advisories: RHSA-2008:0616 http://rhn.redhat.com/errata/RHSA-2008-0616.html http://www.securitytracker.com/id?1020336 http://secunia.com/advisories/30761 http://secunia.com/advisories/31121 http://secunia.com/advisories/31122 http://secunia.com/advisories/31129 http://secunia.com/advisories/31144 http://secunia.com/advisories/31145 http://secunia.com/advisories/31154 http://secunia.com/advisories/31157 http://secunia.com/advisories/31176 http://secunia.com/advisories/31183 http://secunia.com/advisories/31195 http://secunia.com/advisories/31220 http://secunia.com/advisories/31253 http://secunia.com/advisories/31261 http://secunia.com/advisories/31270 http://secunia.com/advisories/31286 http://secunia.com/advisories/31306 http://secunia.com/advisories/31377 http://secunia.com/advisories/31403 http://secunia.com/advisories/33433 http://secunia.com/advisories/34501 http://www.slackware.org/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.380974 http://www.slackware.org/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.380767 http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.410484 http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1 http://www.ubuntu.com/usn/usn-623-1 http://www.ubuntu.com/usn/usn-626-1 http://www.ubuntu.com/usn/usn-626-2 http://www.ubuntu.com/usn/usn-629-1 http://www.vupen.com/english/advisories/2008/1873 http://www.vupen.com/english/advisories/2009/0977 XForce ISS Database: firefox-unspecified-code-execution(43167) https://exchange.xforce.ibmcloud.com/vulnerabilities/43167 Common Vulnerability Exposure (CVE) ID: CVE-2008-2933 BugTraq ID: 30242 http://www.securityfocus.com/bid/30242 CERT/CC vulnerability note: VU#130923 http://www.kb.cert.org/vuls/id/130923 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11618 http://www.securitytracker.com/id?1020500 http://secunia.com/advisories/31106 http://secunia.com/advisories/31120 XForce ISS Database: firefox-commandline-uri-security-bypass(43832) https://exchange.xforce.ibmcloud.com/vulnerabilities/43832 Common Vulnerability Exposure (CVE) ID: CVE-2008-3198 BugTraq ID: 30244 http://www.securityfocus.com/bid/30244 XForce ISS Database: firefox-chrome-xss(44199) https://exchange.xforce.ibmcloud.com/vulnerabilities/44199
Copyright	Copyright (C) 2008 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.