Secunia - Stay Secure
Gartner
Home Corporate Website Jobs Updated Mailing Lists RSS Blog  Online Shop Advertise
Software Inspectors
  Scan Online
  Personal (PSI)
  Network (NSI 2.0)

Solutions For
  Security Professionals
  Security Vendors

Free Solutions For
  Open Communities
  Journalists & Media

Secunia Advisories
  Search
  Historic Advisories
  Listed By Product
  Listed By Vendor
  Statistics / Graphs
  Secunia Research
  Report Vulnerability
  About Advisories

Virus Information
  Chronological List
  Last 10 Virus Alerts
  About Virus Information

Secunia Customers
  Customer Area


Debian update for iceweasel Advisory Available in Danish  Advisory Available in German 

Secunia Advisory: SA28001  
Release Date: 2007-12-10

Critical:
Highly critical
Impact: Cross Site Scripting
DoS
System access
Where: From remote
Solution Status: Vendor Patch

OS:Debian GNU/Linux 4.0
Debian GNU/Linux unstable alias sid


CVE reference:CVE-2007-5947 (Secunia mirror)
CVE-2007-5959 (Secunia mirror)
CVE-2007-5960 (Secunia mirror)
Want to know the next time vulnerabilities are fixed in this product?
- Companies can be alerted via email and SMS!


Description:
Debian has issued an update for iceweasel. This fixes some vulnerabilities, which can be exploited by malicious people to conduct cross-site request forgery and cross-site scripting attacks or potentially to compromise a user's system.

For more information:
SA27605
SA27725

Solution:
Apply updated packages.

-- Debian 4.0 (stable) --

Source archives:

http://security.debian.org/pool/updat...eweasel/iceweasel_2.0.0.10-0etch1.dsc
Size/MD5 checksum: 1289 30031e99f0594521e649eb8f7f080a54
http://security.debian.org/pool/updat...weasel/iceweasel_2.0.0.10.orig.tar.gz
Size/MD5 checksum: 43505088 f016638930a16c0a44fb0b13b6804f99
http://security.debian.org/pool/updat...sel/iceweasel_2.0.0.10-0etch1.diff.gz
Size/MD5 checksum: 186288 75492d134ad78c2a3f8c7a3f851d0e6c

Architecture independent packages:

http://security.debian.org/pool/updat...zilla-firefox_2.0.0.10-0etch1_all.deb
Size/MD5 checksum: 54716 09cee6268a092b9300beb2bd1ea7bf67
http://security.debian.org/pool/updat...gnome-support_2.0.0.10-0etch1_all.deb
Size/MD5 checksum: 54044 ceeb90ee28309be4785fac53f659d21d
http://security.debian.org/pool/updat...dom-inspector_2.0.0.10-0etch1_all.deb
Size/MD5 checksum: 239252 b5e1932561074d83a32df5c8dab3f4d8
http://security.debian.org/pool/updat...easel/firefox_2.0.0.10-0etch1_all.deb
Size/MD5 checksum: 54186 6fca16650d5396c091e9967330e77c29
http://security.debian.org/pool/updat...dom-inspector_2.0.0.10-0etch1_all.deb
Size/MD5 checksum: 54076 d6efb7f19184d30db9368338bcf991b5
http://security.debian.org/pool/updat...dom-inspector_2.0.0.10-0etch1_all.deb
Size/MD5 checksum: 53928 b7c1913d0c2ca87d7ea83b03c0d327c2
http://security.debian.org/pool/updat...gnome-support_2.0.0.10-0etch1_all.deb
Size/MD5 checksum: 53924 d8b3b367ad11122ce45cd52bb051f04f

alpha architecture (DEC Alpha)

http://security.debian.org/pool/updat...l/iceweasel_2.0.0.10-0etch1_alpha.deb
Size/MD5 checksum: 11550394 d1d26a5c528540230f52ff10ac3ae23e
http://security.debian.org/pool/updat...eweasel-dbg_2.0.0.10-0etch1_alpha.deb
Size/MD5 checksum: 51052142 620c82916d4b66a6ee76b87366182089
http://security.debian.org/pool/updat...ome-support_2.0.0.10-0etch1_alpha.deb
Size/MD5 checksum: 90822 9ac379fc0c601cc8511371201b996698

amd64 architecture (AMD x86_64 (AMD64))

http://security.debian.org/pool/updat...ome-support_2.0.0.10-0etch1_amd64.deb
Size/MD5 checksum: 87490 60f83326a7f344fe9834ae3fe8895b62
http://security.debian.org/pool/updat...eweasel-dbg_2.0.0.10-0etch1_amd64.deb
Size/MD5 checksum: 50039638 dabf8ef7580b504a3d196a05636ef088
http://security.debian.org/pool/updat...l/iceweasel_2.0.0.10-0etch1_amd64.deb
Size/MD5 checksum: 10176298 9119f38cd1ad2f82c431591bf804dc6b

arm architecture (ARM)

http://security.debian.org/pool/updat...sel/iceweasel_2.0.0.10-0etch1_arm.deb
Size/MD5 checksum: 9228834 e86cffc61612357818ec294a74eabbfa
http://security.debian.org/pool/updat...iceweasel-dbg_2.0.0.10-0etch1_arm.deb
Size/MD5 checksum: 49133114 c0e2eb6a0cd133de08bee88f3075f40d
http://security.debian.org/pool/updat...gnome-support_2.0.0.10-0etch1_arm.deb
Size/MD5 checksum: 81260 df61a86635f53be26c54b5f73a1d66fc

hppa architecture (HP PA RISC)

http://security.debian.org/pool/updat...ceweasel-dbg_2.0.0.10-0etch1_hppa.deb
Size/MD5 checksum: 50405944 622c595550e18d27967eeaef510aceb5
http://security.debian.org/pool/updat...nome-support_2.0.0.10-0etch1_hppa.deb
Size/MD5 checksum: 89206 297ff408640ea7bf6e4054bfef8448b8
http://security.debian.org/pool/updat...el/iceweasel_2.0.0.10-0etch1_hppa.deb
Size/MD5 checksum: 11025794 465902271fe5791631821748964e2b62

i386 architecture (Intel ia32)

http://security.debian.org/pool/updat...el/iceweasel_2.0.0.10-0etch1_i386.deb
Size/MD5 checksum: 9091212 0fa199d8de98cfca49325210ed823a6c
http://security.debian.org/pool/updat...nome-support_2.0.0.10-0etch1_i386.deb
Size/MD5 checksum: 81600 3792ff6da7de4bbcb16470038f10c4a8
http://security.debian.org/pool/updat...ceweasel-dbg_2.0.0.10-0etch1_i386.deb
Size/MD5 checksum: 49430176 7d0466681bab9f40177451b6b1a415df

ia64 architecture (Intel ia64)

http://security.debian.org/pool/updat...el/iceweasel_2.0.0.10-0etch1_ia64.deb
Size/MD5 checksum: 14109280 4e2df466b3317d4b7da74056ccd33cf4
http://security.debian.org/pool/updat...ceweasel-dbg_2.0.0.10-0etch1_ia64.deb
Size/MD5 checksum: 50384210 cf73c1a8856bc596b59963179ad68c76
http://security.debian.org/pool/updat...nome-support_2.0.0.10-0etch1_ia64.deb
Size/MD5 checksum: 99796 8183b0bba38858221714bcc64e6b1b96

mips architecture (MIPS (Big Endian))

http://security.debian.org/pool/updat...ceweasel-dbg_2.0.0.10-0etch1_mips.deb
Size/MD5 checksum: 53825892 6ae638d0442622e981ed0bb739480465
http://security.debian.org/pool/updat...nome-support_2.0.0.10-0etch1_mips.deb
Size/MD5 checksum: 82922 1a07be11a79484b9eed232451979cd5f
http://security.debian.org/pool/updat...el/iceweasel_2.0.0.10-0etch1_mips.deb
Size/MD5 checksum: 10954574 5f794b588d1d987ab39a241a45e380d8

mipsel architecture (MIPS (Little Endian))

http://security.debian.org/pool/updat...weasel-dbg_2.0.0.10-0etch1_mipsel.deb
Size/MD5 checksum: 52384634 3fc9ee7c2b49bbdce775222bf7a0b5cb
http://security.debian.org/pool/updat.../iceweasel_2.0.0.10-0etch1_mipsel.deb
Size/MD5 checksum: 10732344 812e9ba923390aeb276f905a149a1447
http://security.debian.org/pool/updat...me-support_2.0.0.10-0etch1_mipsel.deb
Size/MD5 checksum: 82762 41f283d3cc7c14f11bd1012da2d03fd3

powerpc architecture (PowerPC)

http://security.debian.org/pool/updat...e-support_2.0.0.10-0etch1_powerpc.deb
Size/MD5 checksum: 83326 f3dbf30a7aa86ac64a1a586b9861bfd4
http://security.debian.org/pool/updat...easel-dbg_2.0.0.10-0etch1_powerpc.deb
Size/MD5 checksum: 51838412 551d3a0549c7f6a633a2c44305464869
http://security.debian.org/pool/updat...iceweasel_2.0.0.10-0etch1_powerpc.deb
Size/MD5 checksum: 9911966 6dd5f24d2b19b60e5193cc3a4a7f6fa4

s390 architecture (IBM S/390)

http://security.debian.org/pool/updat...ceweasel-dbg_2.0.0.10-0etch1_s390.deb
Size/MD5 checksum: 50714116 5c137d63563275f256e62b4267f1783f
http://security.debian.org/pool/updat...el/iceweasel_2.0.0.10-0etch1_s390.deb
Size/MD5 checksum: 10333216 35b0ad810916603417fe10344013b5ab
http://security.debian.org/pool/updat...nome-support_2.0.0.10-0etch1_s390.deb
Size/MD5 checksum: 87698 596716a1ceb5243820b4c644831cb4ad

sparc architecture (Sun SPARC/UltraSPARC)

http://security.debian.org/pool/updat...eweasel-dbg_2.0.0.10-0etch1_sparc.deb
Size/MD5 checksum: 49052450 bcefe06c2296cfd190364b3eff4e0d5c
http://security.debian.org/pool/updat...ome-support_2.0.0.10-0etch1_sparc.deb
Size/MD5 checksum: 81434 34e0345eb0430e59ad057bb0efcb98c5
http://security.debian.org/pool/updat...l/iceweasel_2.0.0.10-0etch1_sparc.deb
Size/MD5 checksum: 9119000 1d5327c89d681fcbc7e8b80eaeab3834

-- Debian unstable alias sid --

Fixed in version 2.0.0.10-2.

Original Advisory:
http://www.us.debian.org/security/2007/dsa-1424

Other References:
SA27605:
http://secunia.com/advisories/27605/

SA27725:
http://secunia.com/advisories/27725/


Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.

Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.

1203 Related Secunia Security Advisories, displaying 10

1. Debian update for xulrunner
2. Debian update for ruby1.8
3. Debian update for iceweasel
4. Debian update for libgd2
5. Debian update for afuse
6. Debian update for gaim
7. Debian update for lighttpd
8. Debian update for iceweasel
9. Debian update for mysql-dfsg-5.0
10. Debian update for poppler

Show all related advisories


Send Feedback to Secunia

If you have new information regarding this Secunia advisory or a product in our database, please send it to us using either our web form or email us at vuln@secunia.com.

Ideas, suggestions, and other feedback are most welcome.








Secunia PSI
Scan | Patch | Track
Free Download

Secunia Poll

Do you think it's important to read Setup/User Guides for applications for use within your network?


See Results   


Most Popular Advisories

1.
Linux Kernel LDT Buffer Size Handling Vulnerability
2.
Drupal Session Fixation Vulnerability
3.
OpenBSD BIND Query Port DNS Cache Poisoning
4.
Ubuntu update for php
5.
IPCop update for perl
6.
Red Hat update for kernel
7.
Slackware update for dnsmasq
8.
Red Hat update for thunderbird
9.
Fedora update for asterisk
10.
Debian update for xulrunner





Vulnerability Management - Terms & Conditions - Copyright 2002-2008 Secunia - Compliance - Contact Secunia