notfound 537104 3.0.11-1 thanks On Tue, Jul 14, 2009 at 10:25:15PM -0400, Michael S. Gilbert wrote: > package: iceweasel > version: 3.5 > severity: critical > tags: security > > hello, a remote shellcode injection has been disclosed for firefox [0], > [1]. the advisory says that version 3.5 has been verified as > vulnerable, but older versions are very likely susseptable as well. i > have not checked. > > this is critical since it is being exploited in the wild. > > [0] http://secunia.com/advisories/35789 > [1] http://milw0rm.com/exploits/9137
This is a JIT issue, so it only affects 3.5 on x86, arm and sparc. Not on amd64 and other architectures. Awaiting for 3.5.1, jit can be disabled with the javascript.options.jit.content configuration in about:config. Mike -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
