Package: iceweasel
Version: 3.5.15-1
Severity: wishlist

Firefox 3.6.9 and above includes support for the X-FRAME-OPTIONS http header which allows website authors to prevent their site being victim to clickjacking (UI redressing) attacks. This is a wishlist item but effectively also has an effect on security for users with a logged-in session at certain websites.

I have no idea if it would be easy to patch this for Iceweasel 3.5.x or not - upstream 3.6.9 specifically introduces no new UI or error messages, just shows about:blank when framing is not authorised.

This page offers a way of testing if your browser supports the feature:
http://www.enhanceie.com/test/clickjack/

Cheers

-- Package-specific info:

-- Extensions information
Name: CheckPlaces
Location: ${PROFILE_EXTENSIONS}/checkpla...@andyhalford.com
Status: user-disabled

Name: Default
Location: /usr/lib/iceweasel/extensions/{972ce4c6-7e08-4474-a285-3208198ce6fd}
Package: iceweasel
Status: enabled

Name: DownloadHelper
Location: ${PROFILE_EXTENSIONS}/{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
Status: enabled

Name: Firebug
Location: /usr/share/mozilla/extensions/{ec8030f7-c20a-464f-9b0e-13a3a9e97384}/fire...@software.joehewitt.com
Package: xul-ext-firebug
Status: enabled

Name: Firefox Sync
Location: /usr/lib/mozilla/extensions/{ec8030f7-c20a-464f-9b0e-13a3a9e97384}/{340c2bbc-ce74-4362-90b5-7c26312808ef}
Package: xul-ext-sync
Status: enabled

Name: Force-TLS
Location: ${PROFILE_EXTENSIONS}/force...@sid.stamm
Status: enabled

Name: Html Validator
Location: ${PROFILE_EXTENSIONS}/{3b56bcc7-54e5-44a2-9b44-66c3ef58c13e}
Status: enabled

Name: Personas
Location: ${PROFILE_EXTENSIONS}/perso...@christopher.beard
Status: enabled

-- Plugins information
Name: DivX® Web Player
Location: /usr/lib/mozilla/plugins/libtotem-mully-plugin.so
Package: totem-mozilla
Status: enabled

Name: Java(TM) Plug-in 1.6.0_22
Location: /usr/lib/jvm/java-6-sun-1.6.0.22/jre/lib/amd64/libnpjp2.so
Package: sun-java6-bin
Status: enabled

Name: QuickTime Plug-in 7.6.6
Location: /usr/lib/mozilla/plugins/libtotem-narrowspace-plugin.so
Package: totem-mozilla
Status: enabled

Name: Shockwave Flash
Location: /usr/lib/flashplugin-nonfree/libflashplayer.so
Status: enabled

Name: VLC Multimedia Plugin (compatible Totem 2.30.2)
Location: /usr/lib/mozilla/plugins/libtotem-cone-plugin.so
Package: totem-mozilla
Status: enabled

Name: Windows Media Player Plug-in 10 (compatible; Totem)
Location: /usr/lib/mozilla/plugins/libtotem-gmp-plugin.so
Package: totem-mozilla
Status: enabled

Name: iTunes Application Detector
Location: /usr/lib/mozilla/plugins/librhythmbox-itms-detection-plugin.so
Package: rhythmbox-plugins
Status: enabled

-- Addons package information
ii  iceweasel       3.5.15-1  Web browser based on Firefox
ii  rhythmbox-plug  0.12.8-2  plugins for rhythmbox music player
ii  sun-java6-bin   6.22-1    Sun Java(TM) Runtime Environment (JRE) 6 (ar
ii  totem-mozilla   2.30.2-5  Totem Mozilla plugin
ii  xul-ext-firebu  1.5.4-1   web development plugin for Iceweasel/Firefox
ii  xul-ext-sync    1.4.3-1   extension to sync bookmarks, passwords and o

-- System Information:
Debian Release: squeeze/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.32-5-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_AU.utf8, LC_CTYPE=en_AU.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages iceweasel depends on:
ii  debianutils      3.4         Miscellaneous utilities specific t
ii  fontconfig       2.8.0-2.1   generic font configuration library
ii  libc6            2.11.2-7    Embedded GNU C Library: Shared lib
ii  libglib2.0-0     2.24.2-1    The GLib library of C routines
ii  libgtk2.0-0      2.20.1-2    The GTK+ graphical user interface
ii  libnspr4-0d      4.8.6-1     NetScape Portable Runtime Library
ii  libstdc++6       4.4.5-4     The GNU Standard C++ Library v3
ii  procps           1:3.2.8-9   /proc file system utilities
ii  xulrunner-1.9.1  1.9.1.15-1  XUL + XPCOM application runner

iceweasel recommends no packages.

Versions of packages iceweasel suggests:
ii  latex-xft-fonts     1.6.7-1       TrueType versions of some TeX font
ii  libgssapi-krb5-2    1.8.3+dfsg-2  MIT Kerberos runtime libraries - k
ii  libkrb53            1.8.3+dfsg-2  transitional package for MIT Kerbe
pn  mozplugger          <none>        (no description available)
ii  ttf-lyx             1.6.7-1       TrueType versions of some TeX font
pn  ttf-mathematica4.1  <none>        (no description available)
ii  xfonts-mathml       4             Type1 Symbol font for MathML
pn  xprint              <none>        (no description available)

Versions of packages xulrunner-1.9.1 depends on:
ii  libasound2               1.0.23-2.1        shared library for ALSA applicatio
ii  libatk1.0-0              1.30.0-1          The ATK accessibility toolkit
ii  libbz2-1.0               1.0.5-6           high-quality block-sorting file co
ii  libc6                    2.11.2-7          Embedded GNU C Library: Shared lib
ii  libcairo2                1.8.10-6          The Cairo 2D vector graphics libra
ii  libdbus-1-3              1.2.24-3          simple interprocess messaging syst
ii  libfontconfig1           2.8.0-2.1         generic font configuration library
ii  libfreetype6             2.4.2-1           FreeType 2 font engine, shared lib
ii  libgcc1                  1:4.4.5-4         GCC support library
ii  libglib2.0-0             2.24.2-1          The GLib library of C routines
ii  libgtk2.0-0              2.20.1-2          The GTK+ graphical user interface
ii  libhunspell-1.2-0        1.2.11-1          spell checker and morphological an
ii  libjpeg62                6b1-1             The Independent JPEG Group's JPEG
ii  libmozjs2d               1.9.1.15-1        The Mozilla SpiderMonkey JavaScrip
ii  libnspr4-0d              4.8.6-1           NetScape Portable Runtime Library
ii  libnss3-1d               3.12.8-1          Network Security Service libraries
ii  libpango1.0-0            1.28.3-1          Layout and rendering of internatio
ii  libpng12-0               1.2.44-1          PNG library - runtime
ii  libreadline6             6.1-3             GNU readline and history libraries
ii  libsqlite3-0             3.7.3-1           SQLite 3 shared library
ii  libstartup-notification  0.10-1            library for program launch feedbac
ii  libstdc++6               4.4.5-4           The GNU Standard C++ Library v3
ii  libx11-6                 2:1.3.3-3         X11 client-side library
ii  libxrender1              1:0.9.6-1         X Rendering Extension client libra
ii  libxt6                   1:1.0.7-1         X11 toolkit intrinsics library
ii  zlib1g                   1:1.2.3.4.dfsg-3  compression library - runtime

-- no
debconf information
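
The framing decision the report asks for, as an added example that is not part of the original report and is not Firefox or Iceweasel source: a simplified model of how a browser honours X-Frame-Options, showing about:blank when framing is not authorised. The host names, the function names and the choice to check every ancestor document are assumptions made for illustration.

```javascript
// Added example: simplified model of the X-Frame-Options framing decision.
// Not browser source code; function names and hosts are hypothetical.

// Collect the directives from one or more header values, lower-cased.
function parseXfo(headerValues) {
  const tokens = new Set();
  for (const value of headerValues) {
    for (const part of value.split(",")) {
      const token = part.trim().toLowerCase();
      if (token) tokens.add(token);
    }
  }
  return tokens;
}

// Origin is scheme + host + port, as computed by the URL parser.
function sameOrigin(a, b) {
  return new URL(a).origin === new URL(b).origin;
}

// frameUrl:     URL of the response being loaded into the frame.
// headerValues: every X-Frame-Options value sent with that response.
// ancestorUrls: URLs of all documents above the frame (assumption: all
//               ancestors are checked, so a same-origin frame nested inside
//               a foreign page is still refused).
// Returns the URL that ends up displayed in the frame.
function resolveFrame(frameUrl, headerValues, ancestorUrls) {
  const BLOCKED = "about:blank"; // what the report says 3.6.9 shows
  const tokens = parseXfo(headerValues);
  if (tokens.has("deny")) return BLOCKED;
  if (tokens.size > 1) return BLOCKED; // conflicting directives: fail closed
  if (tokens.has("sameorigin")) {
    const allSame = ancestorUrls.every((u) => sameOrigin(u, frameUrl));
    return allSame ? frameUrl : BLOCKED;
  }
  return frameUrl; // header absent or unrecognised: no protection applied
}

// Constructed sample inputs.
const site = "https://bank.example/transfer";
const ownPage = "https://bank.example/home";
const foreignPage = "https://other.example/page";

console.log(resolveFrame(site, [], [foreignPage]));                      // framed
console.log(resolveFrame(site, ["DENY"], [ownPage]));                    // about:blank
console.log(resolveFrame(site, ["SAMEORIGIN"], [ownPage]));              // framed
console.log(resolveFrame(site, ["SAMEORIGIN"], [ownPage, foreignPage])); // about:blank
```
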