Package: iceweasel
Version: 3.5.9-3
Severity: grave
Tags: security
Justification: causes non-serious data loss

Hi,

a new vulnerability has been discovered in several browsers, including
Firefox/Iceweasel. You can get more information here:

http://www.securityfocus.com/archive/1/511327/100/0/threaded
http://translate.google.com/translate?hl=en&u=http://websecurity.com.ua/4206/&sl=uk&tl=en

The last link has a PoC, which I tested and crashed my machine (yes, I
should have used a virtual machine :( ). Beware.

Regards,
Pedro

-- Package-specific info:

-- Extensions information

Name: Default
Location: /usr/lib/iceweasel/extensions/{972ce4c6-7e08-4474-a285-3208198ce6fd}
Package: iceweasel
Status: enabled

Name: DownThemAll!
Location: ${PROFILE_EXTENSIONS}/{DDC359D1-844A-42a7-9AA1-88A850A938A8}
Status: enabled

Name: DownloadHelper
Location: ${PROFILE_EXTENSIONS}/{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
Status: enabled

Name: FOXSCAPE
Location: ${PROFILE_EXTENSIONS}/{da7f40f0-8675-11db-b606-0800200c9a66}
Status: enabled

Name: Flashblock
Location: ${PROFILE_EXTENSIONS}/{3d7eb24f-2740-49df-8937-200b1cc08f8a}
Status: enabled

Name: LittleFox
Location: ${PROFILE_EXTENSIONS}/{29852C08-1E91-4889-A6BF-C77F91D6A8F3}
Status: enabled

Name: NoScript
Location: ${PROFILE_EXTENSIONS}/{73a6fe31-595d-460b-a920-fcc0f8843232}
Status: user-disabled

Name: ProxySel
Location: ${PROFILE_EXTENSIONS}/{71e95839-6f7e-470d-be54-77012fec6345}
Status: app-disabled

Name: Tamper Data
Location: ${PROFILE_EXTENSIONS}/{9c51bd27-6ed8-4000-a2bf-36cb95c0c947}
Status: app-disabled

Name: Torbutton
Location: /usr/share/mozilla/extensions/{ec8030f7-c20a-464f-9b0e-13a3a9e97384}/{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}
Package: xul-ext-torbutton
Status: enabled

Name: VertTabbar
Location: ${PROFILE_EXTENSIONS}/verttab...@frnchfrgg.org
Status: user-disabled

-- Plugins information

Name: DivX Browser Plug-In
Location: /home/botto/.mozilla/plugins/mplayerplug-in-dvx.so
Status: enabled

Name: IcedTea NPR Web Browser Plugin (using IcedTea6 1.8 (6b18-1.8-1))
Location: /usr/lib/jvm/java-6-openjdk/jre/lib/amd64/IcedTeaPlugin.so
Package: icedtea6-plugin
Status: enabled

Name: QuickTime Plug-in 7.4.5
Location: /home/botto/.mozilla/plugins/mplayerplug-in-qt.so
Status: enabled

Name: RealPlayer 9
Location: /home/botto/.mozilla/plugins/mplayerplug-in-rm.so
Status: enabled

Name: Shockwave Flash
Location: /usr/lib/flashplugin-nonfree/libflashplayer.so
Status: enabled

Name: Windows Media Player Plug-in
Location: /home/botto/.mozilla/plugins/mplayerplug-in-wmp.so
Status: enabled

Name: iTunes Application Detector
Location: /usr/lib/mozilla/plugins/librhythmbox-itms-detection-plugin.so
Package: rhythmbox-plugins
Status: enabled

Name: mplayerplug-in 2008/12/26
Location: /home/botto/.mozilla/plugins/mplayerplug-in.so
Status: enabled

-- Addons package information

ii  icedtea6-plugi  6b18-1.8-1   web browser plugin based on OpenJDK and Iced
ii  iceweasel       3.5.9-3      Web browser based on Firefox
ii  rhythmbox-plug  0.12.8-1+b1  plugins for rhythmbox music player
ii  xul-ext-torbut  1.2.5-1      Iceweasel/Firefox extension enabling 1-click

-- System Information:

Debian Release: squeeze/sid
  APT prefers testing
  APT policy: (700, 'testing'), (650, 'unstable'), (600, 'experimental'), (500, 'testing-proposed-updates')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.34-toi-a4dj (SMP w/2 CPU cores; PREEMPT)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages iceweasel depends on:
ii  debianutils      3.2.3      Miscellaneous utilities specific t
ii  fontconfig       2.8.0-2.1  generic font configuration library
ii  libc6            2.10.2-6   Embedded GNU C Library: Shared lib
ii  libglib2.0-0     2.24.1-1   The GLib library of C routines
ii  libgtk2.0-0      2.20.1-1   The GTK+ graphical user interface
ii  libnspr4-0d      4.8.4-1    NetScape Portable Runtime Library
ii  libstdc++6       4.4.4-1    The GNU Standard C++ Library v3
ii  procps           1:3.2.8-9  /proc file system utilities
ii  xulrunner-1.9.1  1.9.1.9-7  XUL + XPCOM application runner

iceweasel recommends no packages.

Versions of packages iceweasel suggests:
ii  latex-xft-fonts     1.6.5-1       TrueType versions of some TeX font
ii  libgssapi-krb5-2    1.8.1+dfsg-2  MIT Kerberos runtime libraries - k
pn  mozplugger          <none>        (no description available)
ii  ttf-lyx             1.6.5-1       TrueType versions of some TeX font
pn  ttf-mathematica4.1  <none>        (no description available)
ii  xfonts-mathml       4             Type1 Symbol font for MathML
pn  xprint              <none>        (no description available)

Versions of packages xulrunner-1.9.1 depends on:
ii  libasound2               1.0.22-2          shared library for ALSA applicatio
ii  libatk1.0-0              1.30.0-1          The ATK accessibility toolkit
ii  libbz2-1.0               1.0.5-4           high-quality block-sorting file co
ii  libc6                    2.10.2-6          Embedded GNU C Library: Shared lib
ii  libcairo2                1.8.10-4          The Cairo 2D vector graphics libra
ii  libdbus-1-3              1.2.24-1          simple interprocess messaging syst
ii  libfontconfig1           2.8.0-2.1         generic font configuration library
ii  libfreetype6             2.3.11-1          FreeType 2 font engine, shared lib
ii  libgcc1                  1:4.4.4-1         GCC support library
ii  libglib2.0-0             2.24.1-1          The GLib library of C routines
ii  libgtk2.0-0              2.20.1-1          The GTK+ graphical user interface
ii  libhunspell-1.2-0        1.2.8-6           spell checker and morphological an
ii  libjpeg62                6b-16.1           The Independent JPEG Group's JPEG
ii  libmozjs2d               1.9.1.9-7         The Mozilla SpiderMonkey JavaScrip
ii  libnspr4-0d              4.8.4-1           NetScape Portable Runtime Library
ii  libnss3-1d               3.12.6-2          Network Security Service libraries
ii  libpango1.0-0            1.28.0-1          Layout and rendering of internatio
ii  libpng12-0               1.2.43-1          PNG library - runtime
ii  libreadline6             6.1-1             GNU readline and history libraries
ii  libsqlite3-0             3.6.23.1-2        SQLite 3 shared library
ii  libstartup-notification  0.10-1            library for program launch feedbac
ii  libstdc++6               4.4.4-1           The GNU Standard C++ Library v3
ii  libx11-6                 2:1.3.3-3         X11 client-side library
ii  libxrender1              1:0.9.5-2         X Rendering Extension client libra
ii  libxt6                   1:1.0.7-1         X11 toolkit intrinsics library
ii  zlib1g                   1:1.2.3.4.dfsg-3  compression library - runtime

-- no debconf information