Vulnerability   
Search   
    Search 191973 CVE descriptions
and 86218 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.702583
Category:Debian Local Security Checks
Title:Debian Security Advisory DSA 2583-1 (iceweasel - several vulnerabilities)
Summary:Multiple vulnerabilities have been found in Iceweasel, the Debian web browser;based on Mozilla Firefox:;;CVE-2012-5829Heap-based buffer overflow in the nsWindow::OnExposeEvent function could;allow remote attackers to execute arbitrary code.;;CVE-2012-5842Multiple unspecified vulnerabilities in the browser engine could allow remote;attackers to cause a denial of service (memory corruption and application;crash) or possibly execute arbitrary code.;;CVE-2012-4207The HZ-GB-2312 character-set implementation does not properly handle a ~;(tilde) character in proximity to a chunk delimiter, which allows remote;attackers to conduct cross-site scripting (XSS) attacks via a crafted;document.;;CVE-2012-4201The evalInSandbox implementation uses an incorrect context during the;handling of JavaScript code that sets the location.href property, which;allows remote attackers to conduct cross-site scripting (XSS) attacks or read;arbitrary files by leveraging a sandboxed add-on.;;CVE-2012-4216Use-after-free vulnerability in the gfxFont::GetFontEntry function allows;remote attackers to execute arbitrary code or cause a denial of service (heap;memory corruption) via unspecified vectors.
Description:Summary:
Multiple vulnerabilities have been found in Iceweasel, the Debian web browser
based on Mozilla Firefox:

CVE-2012-5829Heap-based buffer overflow in the nsWindow::OnExposeEvent function could
allow remote attackers to execute arbitrary code.

CVE-2012-5842Multiple unspecified vulnerabilities in the browser engine could allow remote
attackers to cause a denial of service (memory corruption and application
crash) or possibly execute arbitrary code.

CVE-2012-4207The HZ-GB-2312 character-set implementation does not properly handle a ~

(tilde) character in proximity to a chunk delimiter, which allows remote
attackers to conduct cross-site scripting (XSS) attacks via a crafted
document.

CVE-2012-4201The evalInSandbox implementation uses an incorrect context during the
handling of JavaScript code that sets the location.href property, which
allows remote attackers to conduct cross-site scripting (XSS) attacks or read
arbitrary files by leveraging a sandboxed add-on.

CVE-2012-4216Use-after-free vulnerability in the gfxFont::GetFontEntry function allows
remote attackers to execute arbitrary code or cause a denial of service (heap
memory corruption) via unspecified vectors.

Affected Software/OS:
iceweasel on Debian Linux

Solution:
For the stable distribution (squeeze), these problems have been fixed in
version 3.5.16-20.

For the testing distribution (wheezy), these problems have been fixed in
version 10.0.11esr-1.

For the unstable distribution (sid), these problems have been fixed in
version 10.0.11esr-1.

We recommend that you upgrade your iceweasel packages.

CVSS Score:
9.3

CVSS Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2012-5829
BugTraq ID: 56636
http://www.securityfocus.com/bid/56636
Debian Security Information: DSA-2583 (Google Search)
http://www.debian.org/security/2012/dsa-2583
Debian Security Information: DSA-2584 (Google Search)
http://www.debian.org/security/2012/dsa-2584
Debian Security Information: DSA-2588 (Google Search)
http://www.debian.org/security/2012/dsa-2588
http://www.mandriva.com/security/advisories?name=MDVSA-2012:173
http://osvdb.org/87608
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16849
RedHat Security Advisories: RHSA-2012:1482
http://rhn.redhat.com/errata/RHSA-2012-1482.html
RedHat Security Advisories: RHSA-2012:1483
http://rhn.redhat.com/errata/RHSA-2012-1483.html
http://secunia.com/advisories/51359
http://secunia.com/advisories/51360
http://secunia.com/advisories/51369
http://secunia.com/advisories/51370
http://secunia.com/advisories/51381
http://secunia.com/advisories/51434
http://secunia.com/advisories/51439
http://secunia.com/advisories/51440
SuSE Security Announcement: SUSE-SU-2012:1592 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00021.html
SuSE Security Announcement: SUSE-SU-2013:0048 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00006.html
SuSE Security Announcement: SUSE-SU-2013:0049 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00007.html
SuSE Security Announcement: openSUSE-SU-2012:1583 (Google Search)
http://lists.opensuse.org/opensuse-updates/2012-11/msg00090.html
SuSE Security Announcement: openSUSE-SU-2012:1585 (Google Search)
http://lists.opensuse.org/opensuse-updates/2012-11/msg00092.html
SuSE Security Announcement: openSUSE-SU-2012:1586 (Google Search)
http://lists.opensuse.org/opensuse-updates/2012-11/msg00093.html
SuSE Security Announcement: openSUSE-SU-2013:0131 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00010.html
SuSE Security Announcement: openSUSE-SU-2013:0149 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00017.html
SuSE Security Announcement: openSUSE-SU-2013:0175 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00022.html
http://www.ubuntu.com/usn/USN-1636-1
http://www.ubuntu.com/usn/USN-1638-1
http://www.ubuntu.com/usn/USN-1638-2
http://www.ubuntu.com/usn/USN-1638-3
http://www.ubuntu.com/usn/USN-1681-1
http://www.ubuntu.com/usn/USN-1681-2
http://www.ubuntu.com/usn/USN-1681-4
XForce ISS Database: firefox-onexposeevent-bo(80195)
https://exchange.xforce.ibmcloud.com/vulnerabilities/80195
Common Vulnerability Exposure (CVE) ID: CVE-2012-4201
BugTraq ID: 56618
http://www.securityfocus.com/bid/56618
http://osvdb.org/87594
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15995
XForce ISS Database: firefox-evalinsandbox-sec-bypass(80171)
https://exchange.xforce.ibmcloud.com/vulnerabilities/80171
Common Vulnerability Exposure (CVE) ID: CVE-2012-5842
BugTraq ID: 56611
http://www.securityfocus.com/bid/56611
http://osvdb.org/87596
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16573
XForce ISS Database: firefox-seamonkey-code-exec(80169)
https://exchange.xforce.ibmcloud.com/vulnerabilities/80169
Common Vulnerability Exposure (CVE) ID: CVE-2012-4216
BugTraq ID: 56634
http://www.securityfocus.com/bid/56634
http://osvdb.org/87609
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16902
XForce ISS Database: firefox-getfontentry-code-exec(80189)
https://exchange.xforce.ibmcloud.com/vulnerabilities/80189
Common Vulnerability Exposure (CVE) ID: CVE-2012-4207
BugTraq ID: 56632
http://www.securityfocus.com/bid/56632
http://osvdb.org/87587
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16955
XForce ISS Database: firefox-hzgb2312-xss(80179)
https://exchange.xforce.ibmcloud.com/vulnerabilities/80179
CopyrightCopyright (C) 2013 Greenbone Networks GmbH http://greenbone.net

This is only one of 86218 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2020 E-Soft Inc. All rights reserved.