
Debian Linux Security Advisory 1489-1

Posted Feb 11, 2008
Authored by Debian | Site debian.org

Debian Security Advisory 1489-1 - Several remote vulnerabilities have been discovered in the Iceweasel web browser, an unbranded version of the Firefox browser. These include arbitrary code execution, privilege escalation, and directory traversal flaws.

tags | advisory, remote, web, arbitrary, vulnerability, code execution
systems | linux, debian
advisories | CVE-2008-0412, CVE-2008-0413, CVE-2008-0414, CVE-2008-0415, CVE-2008-0416, CVE-2008-0417, CVE-2008-0418, CVE-2008-0419, CVE-2008-0591, CVE-2008-0592, CVE-2008-0593, CVE-2008-0594
SHA-256 | 43e48acc32823c671aa5d0ce96fb6032885f942a876e0b4cc572d9328be2fee6

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
Debian Security Advisory DSA-1489-1                  security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
February 10, 2008                     https://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package : iceweasel
Vulnerability : several
Problem type : remote
Debian-specific: no
CVE Id(s) : CVE-2008-0412 CVE-2008-0413 CVE-2008-0414 CVE-2008-0415 CVE-2008-0416 CVE-2008-0417 CVE-2008-0418 CVE-2008-0419 CVE-2008-0591 CVE-2008-0592 CVE-2008-0593 CVE-2008-0594

Several remote vulnerabilities have been discovered in the Iceweasel
web browser, an unbranded version of the Firefox browser. The Common
Vulnerabilities and Exposures project identifies the following problems:

CVE-2008-0412

Jesse Ruderman, Kai Engert, Martijn Wargers, Mats Palmgren and Paul
Nickerson discovered crashes in the layout engine, which might allow
the execution of arbitrary code.

CVE-2008-0413

Carsten Book, Wesley Garland, Igor Bukanov, "moz_bug_r_a4", "shutdown",
Philip Taylor and "tgirmann" discovered crashes in the Javascript
engine, which might allow the execution of arbitrary code.

CVE-2008-0414

"hong" and Gregory Fleisher discovered that file input focus
vulnerabilities in the file upload control could allow information
disclosure of local files.

CVE-2008-0415

"moz_bug_r_a4" and Boris Zbarsky discovered several
vulnerabilities in Javascript handling, which could allow
privilege escalation.

CVE-2008-0417

Justin Dolske discovered that the password storage mechanism could
be abused by malicious web sites to corrupt existing saved passwords.

CVE-2008-0418

Gerry Eisenhaur and "moz_bug_r_a4" discovered that a directory
traversal vulnerability in chrome: URI handling could lead to
information disclosure.

CVE-2008-0419

David Bloom discovered a race condition in the image handling of
designMode elements, which can lead to information disclosure or
potentially the execution of arbitrary code.

CVE-2008-0591

Michal Zalewski discovered that timers protecting security-sensitive
dialogs (which disable dialog elements until a timeout is reached)
could be bypassed by window focus changes through Javascript.

CVE-2008-0592

It was discovered that malformed content declarations of saved
attachments could prevent a user from opening local files
with a ".txt" file name, resulting in minor denial of service.

CVE-2008-0593

Martin Straka discovered that insecure stylesheet handling during
redirects could lead to information disclosure.

CVE-2008-0594

Emil Ljungdahl and Lars-Olof Moilanen discovered that phishing
protections could be bypassed with <div> elements.


For the stable distribution (etch), these problems have been fixed in
version 2.0.0.12-0etch1.

The Mozilla products from the old stable distribution (sarge) are no
longer supported with security updates.

We recommend that you upgrade your iceweasel packages.

Upgrade instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.
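
Added example, not part of the Debian advisory: between the `wget` and `dpkg -i` steps above, each downloaded file can be checked against the `Size/MD5 checksum: <size> <md5>` line that an advisory in this format prints under the file's URL. The function name `verify_dsa_files`, the list file and the demo package are assumptions, and the demo values are constructed.

```shell
#!/bin/sh
# Added example. Checks files in DIR against a list in the advisory layout:
#   <url>
#   Size/MD5 checksum: <size> <md5>
# MD5 here only catches a corrupted or truncated download; trust in the
# listed values comes from the PGP signature over the advisory text.
verify_dsa_files() {            # usage: verify_dsa_files LIST DIR
    list=$1 dir=$2 url='' rc=0
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in
            *://*) url=$line ;;
            *"Size/MD5 checksum:"*)
                [ -n "$url" ] || continue
                set -f; set -- ${line#*checksum:}; set +f  # $1=size $2=md5
                name=${url##*/}; url=''
                if [ ! -f "$dir/$name" ]; then
                    echo "MISSING  $name"; rc=1; continue
                fi
                size=$(wc -c < "$dir/$name" | tr -d ' ')
                sum=$(md5sum "$dir/$name" | cut -d' ' -f1)
                if [ "$size" = "$1" ] && [ "$sum" = "$2" ]; then
                    echo "OK       $name"
                else
                    echo "MISMATCH $name"; rc=1
                fi ;;
        esac
    done < "$list"
    return "$rc"
}

# Constructed demo: a stand-in file whose list entry is computed locally,
# then altered after "download" to show the mismatch path.
demo() {
    d=$(mktemp -d); f=$d/example_1.0_all.deb
    printf 'constructed package bytes\n' > "$f"
    {
        echo "https://example.invalid/pool/example_1.0_all.deb"
        echo "Size/MD5 checksum: $(wc -c < "$f" | tr -d ' ') $(md5sum "$f" | cut -d' ' -f1)"
    } > "$d/list.txt"
    first=0;  verify_dsa_files "$d/list.txt" "$d" || first=$?
    echo "altered" >> "$f"
    second=0; verify_dsa_files "$d/list.txt" "$d" || second=$?
    rm -rf "$d"
    echo "$first $second"
}
demo
```

A non-zero return means at least one listed file is missing or does not match, so `dpkg -i` should not be run on that set.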


Debian 4.0 (stable)
- -------------------

Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.



These files will probably be moved into the stable distribution on
its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb https://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and https://packages.debian.org/<pkg>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFHr2JkXm3vHE4uyloRAhzrAKDV6FwWWT6zbc76/ZDibTDSmd13mQCfegas
oCcPvP3xPzO1cIgOX25gUi0=
=5KCZ
-----END PGP SIGNATURE-----
