Test ID: 1.3.6.1.4.1.25623.1.0.702699
Category: Debian Local Security Checks
Title: Debian Security Advisory DSA 2699-1 (iceweasel - several vulnerabilities)
Description:
Summary:
Multiple security issues have been found in Iceweasel, Debian's version
of the Mozilla Firefox web browser: Multiple memory safety errors,
missing input sanitising vulnerabilities, use-after-free vulnerabilities,
buffer overflows and other programming errors may lead to the execution
of arbitrary code, privilege escalation, information leaks or
cross-site-scripting.

We're changing the approach for security updates for Iceweasel, Icedove
and Iceape in stable-security: Instead of backporting security fixes,
we now provide releases based on the Extended Support Release branch. As
such, this update introduces packages based on Firefox 17 and at some
point in the future we will switch to the next ESR branch once ESR 17
has reached its end of life.

Some Xul extensions currently packaged in the Debian archive are not
compatible with the new browser engine.

A solution to keep packaged extensions compatible with
the Mozilla releases is still being sorted out.

We don't have the resources to backport security fixes to the Iceweasel
release in oldstable-security any longer. If you're up to the task and
want to help, please get in touch with team@security.debian.org.
Otherwise, we'll announce the end of security support for Iceweasel,
Icedove and Iceape in Squeeze in the next update round.

Affected Software/OS:
iceweasel on Debian Linux

Solution:
For the stable distribution (wheezy), these problems have been fixed in
version 17.0.6esr-1~deb7u1.

For the unstable distribution (sid), these problems have been fixed in
version 17.0.6esr-1.

We recommend that you upgrade your iceweasel packages.

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2013-1677
BugTraq ID: 59868
http://www.securityfocus.com/bid/59868
Debian Security Information: DSA-2699
http://www.debian.org/security/2013/dsa-2699
http://www.mandriva.com/security/advisories?name=MDVSA-2013:165
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16979
RedHat Security Advisories: RHSA-2013:0820
http://rhn.redhat.com/errata/RHSA-2013-0820.html
RedHat Security Advisories: RHSA-2013:0821
http://rhn.redhat.com/errata/RHSA-2013-0821.html
SuSE Security Announcement: openSUSE-SU-2013:0825
http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00010.html
SuSE Security Announcement: openSUSE-SU-2013:0831
http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00011.html
SuSE Security Announcement: openSUSE-SU-2013:0834
http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00012.html
SuSE Security Announcement: openSUSE-SU-2013:0929
http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00006.html
SuSE Security Announcement: openSUSE-SU-2013:0946
http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00008.html
http://www.ubuntu.com/usn/USN-1822-1
http://www.ubuntu.com/usn/USN-1823-1
Common Vulnerability Exposure (CVE) ID: CVE-2013-0776
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16666
RedHat Security Advisories: RHSA-2013:0271
http://rhn.redhat.com/errata/RHSA-2013-0271.html
RedHat Security Advisories: RHSA-2013:0272
http://rhn.redhat.com/errata/RHSA-2013-0272.html
SuSE Security Announcement: openSUSE-SU-2013:0323
http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00017.html
SuSE Security Announcement: openSUSE-SU-2013:0324
http://lists.opensuse.org/opensuse-updates/2013-02/msg00062.html
http://www.ubuntu.com/usn/USN-1729-1
http://www.ubuntu.com/usn/USN-1729-2
http://www.ubuntu.com/usn/USN-1748-1
Common Vulnerability Exposure (CVE) ID: CVE-2013-1674
BugTraq ID: 59859
http://www.securityfocus.com/bid/59859
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17147
Common Vulnerability Exposure (CVE) ID: CVE-2013-0787
BugTraq ID: 58391
http://www.securityfocus.com/bid/58391
http://h30499.www3.hp.com/t5/HP-Security-Research-Blog/Pwn2Own-2013/ba-p/5981157
http://twitter.com/VUPEN/statuses/309505403631325184
http://twitter.com/thezdi/statuses/309484730506698752
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16737
RedHat Security Advisories: RHSA-2013:0614
http://rhn.redhat.com/errata/RHSA-2013-0614.html
RedHat Security Advisories: RHSA-2013:0627
http://rhn.redhat.com/errata/RHSA-2013-0627.html
SuSE Security Announcement: SUSE-SU-2013:0470
http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00028.html
SuSE Security Announcement: openSUSE-SU-2013:0431
http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00010.html
SuSE Security Announcement: openSUSE-SU-2013:0465
http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00023.html
SuSE Security Announcement: openSUSE-SU-2013:0467
http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00025.html
SuSE Security Announcement: openSUSE-SU-2013:0468
http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00026.html
http://www.ubuntu.com/usn/USN-1758-1
Common Vulnerability Exposure (CVE) ID: CVE-2013-0780
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16383
Common Vulnerability Exposure (CVE) ID: CVE-2013-0775
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16950
Common Vulnerability Exposure (CVE) ID: CVE-2013-1675
BugTraq ID: 59858
http://www.securityfocus.com/bid/59858
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16976
Common Vulnerability Exposure (CVE) ID: CVE-2013-1678
BugTraq ID: 59864
http://www.securityfocus.com/bid/59864
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16577
Common Vulnerability Exposure (CVE) ID: CVE-2013-0782
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16906
Common Vulnerability Exposure (CVE) ID: CVE-2013-1676
BugTraq ID: 59863
http://www.securityfocus.com/bid/59863
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16956
Common Vulnerability Exposure (CVE) ID: CVE-2013-0795
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16842
RedHat Security Advisories: RHSA-2013:0696
http://rhn.redhat.com/errata/RHSA-2013-0696.html
RedHat Security Advisories: RHSA-2013:0697
http://rhn.redhat.com/errata/RHSA-2013-0697.html
SuSE Security Announcement: SUSE-SU-2013:0645
http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00013.html
SuSE Security Announcement: SUSE-SU-2013:0850
http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00019.html
SuSE Security Announcement: openSUSE-SU-2013:0630
http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00009.html
SuSE Security Announcement: openSUSE-SU-2013:0631
http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00010.html
SuSE Security Announcement: openSUSE-SU-2013:0875
http://lists.opensuse.org/opensuse-updates/2013-06/msg00012.html
http://www.ubuntu.com/usn/USN-1791-1
Common Vulnerability Exposure (CVE) ID: CVE-2013-0801
BugTraq ID: 59855
http://www.securityfocus.com/bid/59855
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17062
Common Vulnerability Exposure (CVE) ID: CVE-2013-1681
BugTraq ID: 59862
http://www.securityfocus.com/bid/59862
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16988
Common Vulnerability Exposure (CVE) ID: CVE-2013-0800
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16909
Common Vulnerability Exposure (CVE) ID: CVE-2013-0793
BugTraq ID: 58837
http://www.securityfocus.com/bid/58837
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16928
Common Vulnerability Exposure (CVE) ID: CVE-2013-0796
Common Vulnerability Exposure (CVE) ID: CVE-2013-1679
BugTraq ID: 59860
http://www.securityfocus.com/bid/59860
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17085
Common Vulnerability Exposure (CVE) ID: CVE-2013-0788
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16629
Common Vulnerability Exposure (CVE) ID: CVE-2013-1680
BugTraq ID: 59861
http://www.securityfocus.com/bid/59861
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17031
Common Vulnerability Exposure (CVE) ID: CVE-2013-0783
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16219
Common Vulnerability Exposure (CVE) ID: CVE-2013-0773
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16861
Common Vulnerability Exposure (CVE) ID: CVE-2013-1670
BugTraq ID: 59865
http://www.securityfocus.com/bid/59865
http://www.exploit-db.com/exploits/34363
http://www.osvdb.org/93427
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17046
Copyright: Copyright (C) 2013 Greenbone Networks GmbH http://greenbone.net

© 1998-2020 E-Soft Inc. All rights reserved.