Vulnerability   
Search   
    Search 191973 CVE descriptions
and 86218 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.702457
Category:Debian Local Security Checks
Title:Debian Security Advisory DSA 2457-2 (iceweasel - several vulnerabilities)
Summary:Several vulnerabilities have been discovered in Iceweasel, a web;browser based on Firefox. The included XULRunner library provides;rendering services for several other applications included in Debian.;;CVE-2012-0467Bob Clary, Christian Holler, Brian Hackett, Bobby Holley, Gary;Kwong, Hilary Hall, Honza Bambas, Jesse Ruderman, Julian Seward,;and Olli Pettay discovered memory corruption bugs, which may lead;to the execution of arbitrary code.;;CVE-2012-0470Atte Kettunen discovered that a memory corruption bug in;gfxImageSurface may lead to the execution of arbitrary code.;;CVE-2012-0471Anne van Kesteren discovered that incorrect multibyte character;encoding may lead to cross-site scripting.;;CVE-2012-0477Masato Kinugawa discovered that incorrect encoding of;Korean and Chinese character sets may lead to cross-site scripting.;;CVE-2012-0479Jeroen van der Gun discovered a spoofing vulnerability in the;presentation of Atom and RSS feeds over HTTPS.
Description:Summary:
Several vulnerabilities have been discovered in Iceweasel, a web
browser based on Firefox. The included XULRunner library provides
rendering services for several other applications included in Debian.

CVE-2012-0467Bob Clary, Christian Holler, Brian Hackett, Bobby Holley, Gary
Kwong, Hilary Hall, Honza Bambas, Jesse Ruderman, Julian Seward,
and Olli Pettay discovered memory corruption bugs, which may lead
to the execution of arbitrary code.

CVE-2012-0470Atte Kettunen discovered that a memory corruption bug in
gfxImageSurface may lead to the execution of arbitrary code.

CVE-2012-0471Anne van Kesteren discovered that incorrect multibyte character
encoding may lead to cross-site scripting.

CVE-2012-0477Masato Kinugawa discovered that incorrect encoding of
Korean and Chinese character sets may lead to cross-site scripting.

CVE-2012-0479Jeroen van der Gun discovered a spoofing vulnerability in the
presentation of Atom and RSS feeds over HTTPS.

Affected Software/OS:
iceweasel on Debian Linux

Solution:
For the stable distribution (squeeze), this problem has been fixed in
version 3.5.16-15.

For the unstable distribution (sid), this problem has been fixed in
version 10.0.4esr-1.

For the experimental distribution, this problem will be fixed soon.

We recommend that you upgrade your iceweasel packages.

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2012-0477
BugTraq ID: 53229
http://www.securityfocus.com/bid/53229
Debian Security Information: DSA-2457 (Google Search)
http://www.debian.org/security/2012/dsa-2457
Debian Security Information: DSA-2458 (Google Search)
http://www.debian.org/security/2012/dsa-2458
Debian Security Information: DSA-2464 (Google Search)
http://www.debian.org/security/2012/dsa-2464
http://www.mandriva.com/security/advisories?name=MDVSA-2012:066
http://www.mandriva.com/security/advisories?name=MDVSA-2012:081
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16889
http://secunia.com/advisories/48920
http://secunia.com/advisories/48922
http://secunia.com/advisories/48972
http://secunia.com/advisories/49047
http://secunia.com/advisories/49055
XForce ISS Database: firefox-iso2022kr-xss(75154)
https://exchange.xforce.ibmcloud.com/vulnerabilities/75154
Common Vulnerability Exposure (CVE) ID: CVE-2012-0471
BugTraq ID: 53219
http://www.securityfocus.com/bid/53219
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16961
Common Vulnerability Exposure (CVE) ID: CVE-2012-0479
BugTraq ID: 53224
http://www.securityfocus.com/bid/53224
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17011
XForce ISS Database: firefox-rss-spoofing(75156)
https://exchange.xforce.ibmcloud.com/vulnerabilities/75156
Common Vulnerability Exposure (CVE) ID: CVE-2012-0470
BugTraq ID: 53225
http://www.securityfocus.com/bid/53225
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16989
Common Vulnerability Exposure (CVE) ID: CVE-2012-0467
BugTraq ID: 53223
http://www.securityfocus.com/bid/53223
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17074
CopyrightCopyright (C) 2013 Greenbone Networks GmbH http://greenbone.net

This is only one of 86218 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2020 E-Soft Inc. All rights reserved.