Test ID:	1.3.6.1.4.1.25623.1.0.61934
Category:	Debian Local Security Checks
Title:	Debian: Security Advisory (DSA-1671-1)
Summary:	The remote host is missing an update for the Debian 'iceweasel' package(s) announced via the DSA-1671-1 advisory.
Description:	Summary: The remote host is missing an update for the Debian 'iceweasel' package(s) announced via the DSA-1671-1 advisory. Vulnerability Insight: Several remote vulnerabilities have been discovered in the Iceweasel webbrowser, an unbranded version of the Firefox browser. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2008-0017 Justin Schuh discovered that a buffer overflow in the http-index-format parser could lead to arbitrary code execution. CVE-2008-4582 Liu Die Yu discovered an information leak through local shortcut files. CVE-2008-5012 Georgi Guninski, Michal Zalewski and Chris Evan discovered that the canvas element could be used to bypass same-origin restrictions. CVE-2008-5013 It was discovered that insufficient checks in the Flash plugin glue code could lead to arbitrary code execution. CVE-2008-5014 Jesse Ruderman discovered that a programming error in the window.__proto__.__proto__ object could lead to arbitrary code execution. CVE-2008-5017 It was discovered that crashes in the layout engine could lead to arbitrary code execution. CVE-2008-5018 It was discovered that crashes in the Javascript engine could lead to arbitrary code execution. CVE-2008-5021 It was discovered that a crash in the nsFrameManager might lead to the execution of arbitrary code. CVE-2008-5022 moz_bug_r_a4 discovered that the same-origin check in nsXMLHttpRequest::NotifyEventListeners() could be bypassed. CVE-2008-5023 Collin Jackson discovered that the -moz-binding property bypasses security checks on codebase principals. CVE-2008-5024 Chris Evans discovered that quote characters were improperly escaped in the default namespace of E4X documents. For the stable distribution (etch), these problems have been fixed in version 2.0.0.18-0etch1. For the upcoming stable distribution (lenny) and the unstable distribution (sid), these problems have been fixed in version 3.0.4-1 of iceweasel and version 1.9.0.4-1 of xulrunner. Packages for arm and mips will be provided soon. We recommend that you upgrade your iceweasel package. Affected Software/OS: 'iceweasel' package(s) on Debian 4. Solution: Please install the updated package(s). CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2008-0017 BugTraq ID: 32281 http://www.securityfocus.com/bid/32281 Cert/CC Advisory: TA08-319A http://www.us-cert.gov/cas/techalerts/TA08-319A.html Debian Security Information: DSA-1669 (Google Search) http://www.debian.org/security/2008/dsa-1669 Debian Security Information: DSA-1671 (Google Search) http://www.debian.org/security/2008/dsa-1671 Debian Security Information: DSA-1697 (Google Search) http://www.debian.org/security/2009/dsa-1697 https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00366.html https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00385.html ISS Security Advisory: 20081113 Mozilla Unchecked Allocation Remote Code Execution http://www.iss.net/threats/311.html http://www.mandriva.com/security/advisories?name=MDVSA-2008:228 http://www.mandriva.com/security/advisories?name=MDVSA-2008:230 https://bugzilla.mozilla.org/show_bug.cgi?id=443299 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11005 http://www.redhat.com/support/errata/RHSA-2008-0977.html http://www.redhat.com/support/errata/RHSA-2008-0978.html http://www.securitytracker.com/id?1021185 http://secunia.com/advisories/32684 http://secunia.com/advisories/32693 http://secunia.com/advisories/32694 http://secunia.com/advisories/32695 http://secunia.com/advisories/32713 http://secunia.com/advisories/32714 http://secunia.com/advisories/32721 http://secunia.com/advisories/32778 http://secunia.com/advisories/32845 http://secunia.com/advisories/32853 http://secunia.com/advisories/33433 http://secunia.com/advisories/34501 http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1 SuSE Security Announcement: SUSE-SA:2008:055 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00004.html http://ubuntu.com/usn/usn-667-1 http://www.vupen.com/english/advisories/2008/3146 http://www.vupen.com/english/advisories/2009/0977 Common Vulnerability Exposure (CVE) ID: CVE-2008-4582 BugTraq ID: 31611 http://www.securityfocus.com/bid/31611 BugTraq ID: 31747 http://www.securityfocus.com/bid/31747 Bugtraq: 20081007 Firefox Privacy Broken If Used to Open Web Page File (Google Search) http://www.securityfocus.com/archive/1/497091/100/0/threaded Debian Security Information: DSA-1696 (Google Search) http://www.debian.org/security/2009/dsa-1696 http://liudieyu0.blog124.fc2.com/blog-entry-6.html https://bugzilla.mozilla.org/show_bug.cgi?id=455311 http://www.securitytracker.com/id?1021190 http://securitytracker.com/alerts/2008/Nov/1021212.html http://secunia.com/advisories/32192 http://secunia.com/advisories/33434 http://securityreason.com/securityalert/4416 http://www.vupen.com/english/advisories/2008/2818 XForce ISS Database: firefox-internet-shortcut-info-disclosure(45740) https://exchange.xforce.ibmcloud.com/vulnerabilities/45740 Common Vulnerability Exposure (CVE) ID: CVE-2008-5012 1021187 http://www.securitytracker.com/id?1021187 20081118 Firefox cross-domain image theft (CESA-2008-009) http://www.securityfocus.com/archive/1/498468 256408 32281 32351 http://www.securityfocus.com/bid/32351 32684 32693 32694 32714 32715 http://secunia.com/advisories/32715 32778 32798 http://secunia.com/advisories/32798 32845 32853 33433 33434 34501 ADV-2008-3146 ADV-2009-0977 DSA-1669 DSA-1671 DSA-1696 DSA-1697 FEDORA-2008-9667 MDVSA-2008:228 MDVSA-2008:235 http://www.mandriva.com/security/advisories?name=MDVSA-2008:235 RHSA-2008:0976 http://www.redhat.com/support/errata/RHSA-2008-0976.html RHSA-2008:0977 SUSE-SA:2008:055 TA08-319A USN-667-1 http://scary.beasts.org/security/CESA-2008-009.html http://scarybeastsecurity.blogspot.com/2008/11/firefox-cross-domain-image-theft-and.html http://www.mozilla.org/security/announce/2008/mfsa2008-48.html https://bugzilla.mozilla.org/show_bug.cgi?id=355126 https://bugzilla.mozilla.org/show_bug.cgi?id=451619 oval:org.mitre.oval:def:10750 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10750 Common Vulnerability Exposure (CVE) ID: CVE-2008-5013 1021181 http://www.securitytracker.com/id?1021181 http://www.mozilla.org/security/announce/2008/mfsa2008-49.html https://bugzilla.mozilla.org/show_bug.cgi?id=433610 oval:org.mitre.oval:def:9660 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9660 Common Vulnerability Exposure (CVE) ID: CVE-2008-5014 1021182 http://www.securitytracker.com/id?1021182 32011 http://secunia.com/advisories/32011 32695 32721 FEDORA-2008-9669 MDVSA-2008:230 RHSA-2008:0978 http://www.mozilla.org/security/announce/2008/mfsa2008-50.html https://bugzilla.mozilla.org/show_bug.cgi?id=436741 oval:org.mitre.oval:def:9157 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9157 Common Vulnerability Exposure (CVE) ID: CVE-2008-5017 1021183 http://www.securitytracker.com/id?1021183 32713 http://www.mozilla.org/security/announce/2008/mfsa2008-52.html https://bugzilla.mozilla.org/show_bug.cgi?id=455987 oval:org.mitre.oval:def:11436 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11436 Common Vulnerability Exposure (CVE) ID: CVE-2008-5018 https://bugzilla.mozilla.org/show_bug.cgi?id=452786 oval:org.mitre.oval:def:9872 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9872 Common Vulnerability Exposure (CVE) ID: CVE-2008-5019 1021184 http://www.securitytracker.com/id?1021184 http://www.mozilla.org/security/announce/2008/mfsa2008-53.html https://bugzilla.mozilla.org/buglist.cgi?bug_id=459906%2C460983 oval:org.mitre.oval:def:10943 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10943 Common Vulnerability Exposure (CVE) ID: CVE-2008-5021 1021186 http://www.securitytracker.com/id?1021186 http://www.mozilla.org/security/announce/2008/mfsa2008-55.html https://bugzilla.mozilla.org/show_bug.cgi?id=460002 oval:org.mitre.oval:def:9642 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9642 Common Vulnerability Exposure (CVE) ID: CVE-2008-5022 1021188 http://www.securitytracker.com/id?1021188 http://www.mozilla.org/security/announce/2008/mfsa2008-56.html oval:org.mitre.oval:def:11186 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11186 Common Vulnerability Exposure (CVE) ID: CVE-2008-5023 1021189 http://www.securitytracker.com/id?1021189 http://www.mozilla.org/security/announce/2008/mfsa2008-57.html https://bugzilla.mozilla.org/show_bug.cgi?id=424733 oval:org.mitre.oval:def:9908 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9908 Common Vulnerability Exposure (CVE) ID: CVE-2008-5024 1021192 http://www.securitytracker.com/id?1021192 http://www.mozilla.org/security/announce/2008/mfsa2008-58.html https://bugzilla.mozilla.org/show_bug.cgi?id=453915 oval:org.mitre.oval:def:9063 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9063 Common Vulnerability Exposure (CVE) ID: CVE-2008-5052 https://bugzilla.mozilla.org/show_bug.cgi?id=454113 oval:org.mitre.oval:def:9449 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9449
Copyright	Copyright (C) 2008 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.