English | Deutsch | Español | Português
 UserID:
 Passwd:
new user
 About:   Dedicated  | Advanced  | Standard  | Recurring  | No Risk  | Desktop  | Basic  | Single  | Security Seal  | FAQ
  Price/Feature Summary  | Order  | New Vulnerabilities  | Confidentiality  | Vulnerability Search
 Vulnerability   
Search   
    Search 90895 CVE descriptions
and 50192 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.69115
Category:Debian Local Security Checks
Title:Debian Security Advisory DSA 2180-1 (iceape)
Summary:Debian Security Advisory DSA 2180-1 (iceape)
Description:Description:
The remote host is missing an update to iceape
announced via advisory DSA 2180-1.

Several vulnerabilities have been found in the Iceape internet suite, an
unbranded version of Seamonkey:

CVE-2010-1585

Roberto Suggi Liverani discovered that the sanitising performed by
ParanoidFragmentSink was incomplete.

CVE-2011-0051

Zach Hoffmann discovered that incorrect parsing of recursive eval()
calls could lead to attackers forcing acceptance of a confirmation
dialogue.

CVE-2011-0053

Crashes in the layout engine may lead to the execution of arbitrary
code.

CVE-2011-0054

Christian Holler discovered buffer overflows in the Javascript engine,
which could allow the execution of arbitrary code.

CVE-2010-0056

Christian Holler discovered buffer overflows in the Javascript engine,
which could allow the execution of arbitrary code.

CVE-2011-0055

regenrecht and Igor Bukanov discovered a use-after-free error in the
JSON-Implementation, which could lead to the execution of arbitrary code.

CVE-2011-0057

Daniel Kozlowski discovered that incorrect memory handling the web workers
implementation could lead to the execution of arbitrary code.

CVE-2011-0059

Peleus Uhley discovered a cross-site request forgery risk in the plugin
code.

Solution:
The oldstable distribution (lenny) is not affected. The iceape package only
provides the XPCOM code.

For the stable distribution (squeeze), this problem has been fixed in
version 2.0.11-3.

For the unstable distribution (sid), this problem has been fixed in
version 2.0.12-1.

We recommend that you upgrade your iceape packages.

https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202180-1

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2010-1585
Bugtraq: 20100421 Security-Assessment.com WhitePaper/Addendum: Cross Context Scripting with Firefox & Exploiting Cross Context Scripting vulnerabilities in Firefox (Google Search)
http://www.securityfocus.com/archive/1/archive/1/510883/100/0/threaded
http://wizzrss.blat.co.za/2009/11/17/so-much-for-nsiscriptableunescapehtmlparsefragment/
http://www.security-assessment.com/files/whitepapers/Cross_Context_Scripting_with_Firefox.pdf
http://www.mandriva.com/security/advisories?name=MDVSA-2011:041
http://www.mandriva.com/security/advisories?name=MDVSA-2011:042
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:12532
Common Vulnerability Exposure (CVE) ID: CVE-2011-0051
http://www.redhat.com/support/errata/RHSA-2011-0312.html
http://www.redhat.com/support/errata/RHSA-2011-0313.html
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:14211
Common Vulnerability Exposure (CVE) ID: CVE-2011-0053
BugTraq ID: 46645
http://www.securityfocus.com/bid/46645
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:14379
Common Vulnerability Exposure (CVE) ID: CVE-2011-0054
BugTraq ID: 46648
http://www.securityfocus.com/bid/46648
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:14018
Common Vulnerability Exposure (CVE) ID: CVE-2011-0055
Bugtraq: 20110302 ZDI-11-103: Mozilla Firefox JSON.stringify Dangling Pointer Remote Code Execution Vulnerability (Google Search)
http://www.securityfocus.com/archive/1/516802
http://www.zerodayinitiative.com/advisories/ZDI-11-103/
BugTraq ID: 46661
http://www.securityfocus.com/bid/46661
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:14476
Common Vulnerability Exposure (CVE) ID: CVE-2011-0056
BugTraq ID: 46650
http://www.securityfocus.com/bid/46650
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:14013
Common Vulnerability Exposure (CVE) ID: CVE-2011-0057
BugTraq ID: 46663
http://www.securityfocus.com/bid/46663
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:14200
Common Vulnerability Exposure (CVE) ID: CVE-2011-0059
BugTraq ID: 46652
http://www.securityfocus.com/bid/46652
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:14473
Common Vulnerability Exposure (CVE) ID: CVE-2010-0056
http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html
CopyrightCopyright (c) 2011 E-Soft Inc. http://www.securityspace.com

This is only one of 50192 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.

New User Registration
Email:
UserID:
Passwd:
Please email me your monthly newsletters, informing the latest services, improvements & surveys.
Please email me a vulnerability test announcement whenever a new test is added.
   Privacy
Registered User Login
 
UserID:   
Passwd:  

 Forgot userid or passwd?
Email/Userid:




Home | About Us | Contact Us | Partner Programs | Developer APIs | Privacy | Mailing Lists | Abuse
Security Audits | Managed DNS | Network Monitoring | Site Analyzer | Internet Research Reports
Web Probe | Whois

© 1998-2016 E-Soft Inc. All rights reserved.