Package: iceweasel
Version: 38.0.1-1
Severity: serious
Tags: security
Justification: security/privacy issue
The new version of iceweasel auto-disables the requestpolicy plugin.
To add insult to injury, it cannot be manually enabled, apparently
due to a version incompatibility.
This leads to page views no longer honouring the requestpolicy
settings but loading *all* external resources, thus violating
privacy and security, leaking user data to unwanted third parties,
disabling the probably most effective (if icky to use) ad blocker,
and cause general slowness due to ad javascript on several pages
(especially since the Intel Atom on an EeePC is so slow my Pentium M
(with less MHz) feels fast compared to it, before already).
-- Package-specific info:
-- Extensions information
Name: Classic Theme Restorer
Location: ${PROFILE_EXTENSIONS}/classicthemeresto...@arist2noia4dev.xpi
Status: enabled
Name: Clear Search 2
Location: ${PROFILE_EXTENSIONS}/clearsear...@extension-id.invalid.xpi
Status: enabled
Name: Default theme
Location:
/usr/lib/iceweasel/browser/extensions/{972ce4c6-7e08-4474-a285-3208198ce6fd}
Package: iceweasel
Status: enabled
Name: Firebug
Location:
/usr/share/mozilla/extensions/{ec8030f7-c20a-464f-9b0e-13a3a9e97384}/fire...@software.joehewitt.com
Package: xul-ext-firebug
Status: enabled
Name: Greasemonkey
Location:
/usr/share/mozilla/extensions/{ec8030f7-c20a-464f-9b0e-13a3a9e97384}/{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
Package: xul-ext-greasemonkey
Status: user-disabled
Name: HTTPS-Everywhere
Location:
/usr/share/mozilla/extensions/{ec8030f7-c20a-464f-9b0e-13a3a9e97384}/https-everywh...@eff.org
Package: xul-ext-https-everywhere
Status: user-disabled
Name: It's All Text!
Location:
/usr/share/mozilla/extensions/{ec8030f7-c20a-464f-9b0e-13a3a9e97384}/itsallt...@docwhat.gerf.org
Package: xul-ext-itsalltext
Status: enabled
Name: RequestPolicy
Location:
/usr/share/mozilla/extensions/{ec8030f7-c20a-464f-9b0e-13a3a9e97384}/requestpol...@requestpolicy.com
Package: xul-ext-requestpolicy
Status: app-disabled
Name: Status-4-Evar
Location:
/usr/share/mozilla/extensions/{ec8030f7-c20a-464f-9b0e-13a3a9e97384}/status4e...@caligonstudios.com
Package: xul-ext-status4evar
Status: enabled
Name: Y U no validate
Location:
/usr/share/mozilla/extensions/{ec8030f7-c20a-464f-9b0e-13a3a9e97384}/{20d36f97-15da-47ed-9f0a-13cbe85bdc84}
Package: xul-ext-y-u-no-validate
Status: enabled
-- Plugins information
-- Addons package information
ii iceweasel 38.0.1-1 i386 Web browser based on Firefox
ii xul-ext-firebu 2.0.4-1 all web development plugin for Icewea
ii xul-ext-grease 3.1-2 all customization of webpages with us
ii xul-ext-https- 4.0.3-1 all extension to force the use of HTT
ii xul-ext-itsall 1.9.1-2 all extension to edit textareas using
ii xul-ext-reques 0.5.28-1 all improve your browsing: more priva
ii xul-ext-status 2015.02.06.2 all Status bar widgets and progress i
ii xul-ext-y-u-no 2013052401-2 all browser extension to make securit
-- System Information:
Debian Release: stretch/sid
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 4.0.0-1-686-pae (SMP w/2 CPU cores)
Locale: LANG=C, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/lksh
Init: sysvinit (via /sbin/init)
Versions of packages iceweasel depends on:
ii debianutils 4.5
ii fontconfig 2.11.0-6.3
ii libasound2 1.0.28-1
ii libatk1.0-0 2.16.0-2
ii libc6 2.19-18
ii libcairo2 1.14.2-2
ii libdbus-1-3 1.8.18-1
ii libdbus-glib-1-2 0.102-1
ii libevent-2.0-5 2.0.21-stable-2
ii libffi6 3.1-2+b2
ii libfontconfig1 2.11.0-6.3
ii libfreetype6 2.5.2-4
ii libgcc1 1:5.1.1-5
ii libgdk-pixbuf2.0-0 2.31.1-2+b1
ii libglib2.0-0 2.44.0-3
ii libgtk2.0-0 2.24.25-3
ii libhunspell-1.3-0 1.3.3-3
ii libnspr4 2:4.10.8-1
ii libnss3 2:3.19-1
ii libpango-1.0-0 1.36.8-3
ii libsqlite3-0 3.8.10.1-1
ii libstartup-notification0 0.12-4
ii libstdc++6 5.1.1-5
ii libvpx2 1.4.0-3
ii libx11-6 2:1.6.3-1
ii libxcomposite1 1:0.4.4-1
ii libxdamage1 1:1.1.4-2+b1
ii libxext6 2:1.3.3-1
ii libxfixes3 1:5.0.1-2+b2
ii libxrender1 1:0.9.8-1+b1
ii libxt6 1:1.1.4-1+b1
ii procps 2:3.3.9-9
ii zlib1g 1:1.2.8.dfsg-2+b1
Versions of packages iceweasel recommends:
pn gstreamer1.0-libav <none>
pn gstreamer1.0-plugins-good <none>
Versions of packages iceweasel suggests:
pn fonts-mathjax <none>
pn fonts-oflb-asana-math <none>
pn fonts-stix | otf-stix <none>
ii libcanberra0 0.30-2.1
pn libgnomeui-0 <none>
ii libgssapi-krb5-2 1.12.1+dfsg-20
pn mozplugger <none>
-- no debconf information
--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
