Test ID: | 1.3.6.1.4.1.25623.1.0.702457 |
Category: | Debian Local Security Checks |
Title: | Debian: Security Advisory (DSA-2457-1) |
Summary: | The remote host is missing an update for the Debian 'iceweasel' package(s) announced via the DSA-2457-1 advisory. |
Description: |
Summary: The remote host is missing an update for the Debian 'iceweasel' package(s) announced via the DSA-2457-1 advisory.

Vulnerability Insight: Several vulnerabilities have been discovered in Iceweasel, a web browser based on Firefox. The included XULRunner library provides rendering services for several other applications included in Debian.

CVE-2012-0467: Bob Clary, Christian Holler, Brian Hackett, Bobby Holley, Gary Kwong, Hilary Hall, Honza Bambas, Jesse Ruderman, Julian Seward, and Olli Pettay discovered memory corruption bugs, which may lead to the execution of arbitrary code.

CVE-2012-0470: Atte Kettunen discovered that a memory corruption bug in gfxImageSurface may lead to the execution of arbitrary code.

CVE-2012-0471: Anne van Kesteren discovered that incorrect multibyte character encoding may lead to cross-site scripting.

CVE-2012-0477: Masato Kinugawa discovered that incorrect encoding of Korean and Chinese character sets may lead to cross-site scripting.

CVE-2012-0479: Jeroen van der Gun discovered a spoofing vulnerability in the presentation of Atom and RSS feeds over HTTPS.

For the stable distribution (squeeze), this problem has been fixed in version 3.5.16-15.

For the unstable distribution (sid), this problem has been fixed in version 10.0.4esr-1.

For the experimental distribution, this problem will be fixed soon.

We recommend that you upgrade your iceweasel packages.

Affected Software/OS: 'iceweasel' package(s) on Debian 6.

Solution: Please install the updated package(s).

CVSS Score: 10.0
CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C |
Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2012-0467
BugTraq ID: 53223
http://www.securityfocus.com/bid/53223
Debian Security Information: DSA-2457
http://www.debian.org/security/2012/dsa-2457
Debian Security Information: DSA-2458
http://www.debian.org/security/2012/dsa-2458
Debian Security Information: DSA-2464
http://www.debian.org/security/2012/dsa-2464
http://www.mandriva.com/security/advisories?name=MDVSA-2012:066
http://www.mandriva.com/security/advisories?name=MDVSA-2012:081
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17074
http://secunia.com/advisories/48920
http://secunia.com/advisories/48922
http://secunia.com/advisories/48972
http://secunia.com/advisories/49047
http://secunia.com/advisories/49055

Common Vulnerability Exposure (CVE) ID: CVE-2012-0470
BugTraq ID: 53225
http://www.securityfocus.com/bid/53225
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16989

Common Vulnerability Exposure (CVE) ID: CVE-2012-0471
BugTraq ID: 53219
http://www.securityfocus.com/bid/53219
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16961

Common Vulnerability Exposure (CVE) ID: CVE-2012-0477
BugTraq ID: 53229
http://www.securityfocus.com/bid/53229
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16889
XForce ISS Database: firefox-iso2022kr-xss(75154)
https://exchange.xforce.ibmcloud.com/vulnerabilities/75154

Common Vulnerability Exposure (CVE) ID: CVE-2012-0479
BugTraq ID: 53224
http://www.securityfocus.com/bid/53224
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17011
XForce ISS Database: firefox-rss-spoofing(75156)
https://exchange.xforce.ibmcloud.com/vulnerabilities/75156 |
Copyright | Copyright (C) 2013 Greenbone AG |