Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

[SECURITY] [DSA 1339-1] New iceape packages fix several vulnerabilities
From: Moritz Muehlenhoff <jmm () debian org>
Date: Tue, 24 Jul 2007 02:00:33 +0200

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 1339-1                    security () debian org
http://www.debian.org/security/                         Moritz Muehlenhoff
July 23rd, 2007                         http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : iceape
Vulnerability  : several
Problem-Type   : remote
Debian-specific: no
CVE ID         : CVE-2007-3089 CVE-2007-3656 CVE-2007-3734 CVE-2007-3735 CVE-2007-3736 CVE-2007-3737 CVE-2007-3738

Several remote vulnerabilities have been discovered in the Iceape internet
suite, an unbranded version of the Seamonkey Internet Suite. The Common
Vulnerabilities and Exposures project identifies the following problems:

CVE-2007-3089

    Ronen Zilberman and Michal Zalewski discovered that a timing race
    allows the injection of content into about:blank frames.

CVE-2007-3656

    Michal Zalewski discovered that same-origin policies for wyciwyg://
    documents are insufficiently enforced.

CVE-2007-3734

    Bernd Mielke, Boris Zbarsky, David Baron, Daniel Veditz, Jesse Ruderman,
    Lukas Loehrer, Martijn Wargers, Mats Palmgren, Olli Pettay, Paul
    Nickerson,and Vladimir Sukhoy discovered crashes in the layout engine,
    which might allow the execution of arbitrary code.

CVE-2007-3735

    Asaf Romano, Jesse Ruderman and Igor Bukanov discovered crashes in the
    javascript engine, which might allow the execution of arbitrary code.

CVE-2007-3736

    "moz_bug_r_a4" discovered that the addEventListener() and setTimeout()
    functions allow cross-site scripting.

CVE-2007-3737

    "moz_bug_r_a4" discovered that a programming error in event handling
    allows privilege escalation.

CVE-2007-3738

    "shutdown" and "moz_bug_r_a4" discovered that the XPCNativeWrapper allows
    the execution of arbitrary code.

The Mozilla products in the oldstable distribution (sarge) are no longer
supported with security updates. You're strongly encouraged to upgrade to
stable as soon as possible.

For the stable distribution (etch) these problems have been fixed in version
1.0.10~pre070720-0etch1. A build for the mips architecture is not yet available,
it will be provided later.

For the unstable distribution (sid) these problems have been fixed in version
1.1.3-1.

We recommend that you upgrade your iceape packages.


Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 4.0 alias etch
- -------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/i/iceape/iceape_1.0.10~pre070720-0etch1.dsc
      Size/MD5 checksum:     1436 a5ddcea94b97d0eb7d88da94a72ca627
    http://security.debian.org/pool/updates/main/i/iceape/iceape_1.0.10~pre070720-0etch1.diff.gz
      Size/MD5 checksum:   267008 018274eb404a0e83606ce0d21e87ad01
    http://security.debian.org/pool/updates/main/i/iceape/iceape_1.0.10~pre070720.orig.tar.gz
      Size/MD5 checksum: 43473332 245a8a7774ff47ef91177724130f8ea4

  Architecture independent components:

    http://security.debian.org/pool/updates/main/i/iceape/iceape-chatzilla_1.0.10~pre070720-0etch1_all.deb
      Size/MD5 checksum:   278618 ee0d7c0bf576089522f4e9f72c8c3add
    http://security.debian.org/pool/updates/main/i/iceape/iceape-dev_1.0.10~pre070720-0etch1_all.deb
      Size/MD5 checksum:  3707920 4bea22fd5361596b66969d7858dd3ad4
    http://security.debian.org/pool/updates/main/i/iceape/iceape_1.0.10~pre070720-0etch1_all.deb
      Size/MD5 checksum:    27756 7b7b835dae8ca15c7ec1592ff702ebb6
    http://security.debian.org/pool/updates/main/i/iceape/mozilla-browser_1.8+1.0.10~pre070720-0etch1_all.deb
      Size/MD5 checksum:    27278 0cc3f8a430af60e0dbcb83576879689e
    http://security.debian.org/pool/updates/main/i/iceape/mozilla-calendar_1.8+1.0.10~pre070720-0etch1_all.deb
      Size/MD5 checksum:    26354 d33b0ec877535b4fa4bf1aa07350f932
    http://security.debian.org/pool/updates/main/i/iceape/mozilla-chatzilla_1.8+1.0.10~pre070720-0etch1_all.deb
      Size/MD5 checksum:    26364 ff123607a7884ee5a3865464c76021ea
    http://security.debian.org/pool/updates/main/i/iceape/mozilla-dev_1.8+1.0.10~pre070720-0etch1_all.deb
      Size/MD5 checksum:    26486 4ca53a0ad06db0acb0b879fadfdd4fd5
    http://security.debian.org/pool/updates/main/i/iceape/mozilla-dom-inspector_1.8+1.0.10~pre070720-0etch1_all.deb
      Size/MD5 checksum:    26390 2420778740bf3e57de6ecd5d343d65dd
    http://security.debian.org/pool/updates/main/i/iceape/mozilla-js-debugger_1.8+1.0.10~pre070720-0etch1_all.deb
      Size/MD5 checksum:    26390 f6fb1d696a8fbd326204419b73ab98e1
    http://security.debian.org/pool/updates/main/i/iceape/mozilla-mailnews_1.8+1.0.10~pre070720-0etch1_all.deb
      Size/MD5 checksum:    26374 84203bd26fc8360bbb82535d81a823eb
    http://security.debian.org/pool/updates/main/i/iceape/mozilla-psm_1.8+1.0.10~pre070720-0etch1_all.deb
      Size/MD5 checksum:    26362 440d3f62c74c42ffcbb5ad73f2069e5c
    http://security.debian.org/pool/updates/main/i/iceape/mozilla_1.8+1.0.10~pre070720-0etch1_all.deb
      Size/MD5 checksum:    26346 ce97b31d46e18455189a03940aa72b92

  Alpha architecture:

    http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.10~pre070720-0etch1_alpha.deb
      Size/MD5 checksum: 12890534 11930d8d5ba846c22095362a46a3ff74
    http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.10~pre070720-0etch1_alpha.deb
      Size/MD5 checksum:   625330 05c5e03df278bc31932846e1d30a00f9
    http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.10~pre070720-0etch1_alpha.deb
      Size/MD5 checksum: 60600154 5741efb22728c62acf22154c8a1f3e86
    http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.10~pre070720-0etch1_alpha.deb
      Size/MD5 checksum:   196866 c64af9533b850bbbd57f9bb87685f9ca
    http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.10~pre070720-0etch1_alpha.deb
      Size/MD5 checksum:    53100 7193be3a3787964216f4bfa83c7b2789
    http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.10~pre070720-0etch1_alpha.deb
      Size/MD5 checksum:  2281920 46540cf88b15c9e7455fce6389be88ed

  AMD64 architecture:

    http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.10~pre070720-0etch1_amd64.deb
      Size/MD5 checksum: 11668032 c3b8626d19c52f840fe80b39232b0cd7
    http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.10~pre070720-0etch1_amd64.deb
      Size/MD5 checksum:   608632 f198d453bbbee84201acc69dd9fa5a1a
    http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.10~pre070720-0etch1_amd64.deb
      Size/MD5 checksum: 59611854 900bf6f48f9df4d30dfd8313b127cfb3
    http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.10~pre070720-0etch1_amd64.deb
      Size/MD5 checksum:   194016 5adc494eaac9ba8f09c16441c5213318
    http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.10~pre070720-0etch1_amd64.deb
      Size/MD5 checksum:    52592 4dab2583ccce4830b516fc68ef90bfbd
    http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.10~pre070720-0etch1_amd64.deb
      Size/MD5 checksum:  2090564 2ad1c710c8f3d7e1a5aa4f8b29b469e7

  ARM architecture:

    http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.10~pre070720-0etch1_arm.deb
      Size/MD5 checksum: 10404318 a3d00ba7cfe0c715fb15bedf1015e601
    http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.10~pre070720-0etch1_arm.deb
      Size/MD5 checksum:   582112 b0b849a2ffcf26a9441ace8ccdc8e398
    http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.10~pre070720-0etch1_arm.deb
      Size/MD5 checksum: 58762556 1a0f50dcbd272bc05c34d254d4507a4b
    http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.10~pre070720-0etch1_arm.deb
      Size/MD5 checksum:   188056 c0b5504ff4183a9e1fef78983a929e67
    http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.10~pre070720-0etch1_arm.deb
      Size/MD5 checksum:    47298 3c45d2f04093d8a0c5fc41a42251ec73
    http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.10~pre070720-0etch1_arm.deb
      Size/MD5 checksum:  1907106 b7918528c3b9213502f528adc95c58ab

  HP Precision architecture:

    http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.10~pre070720-0etch1_hppa.deb
      Size/MD5 checksum: 12968358 ea1453f3ffa54ee3120ac58cfb293a10
    http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.10~pre070720-0etch1_hppa.deb
      Size/MD5 checksum:   614490 83b15ddde3c3b657ad44447802c18261
    http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.10~pre070720-0etch1_hppa.deb
      Size/MD5 checksum: 60467066 e26575d92f3d6d34e98bd8bab228a010
    http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.10~pre070720-0etch1_hppa.deb
      Size/MD5 checksum:   197064 7d50bb4f9866918e3ef4981c738e650b
    http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.10~pre070720-0etch1_hppa.deb
      Size/MD5 checksum:    53686 442e54332b114ea0a63fec012912d164
    http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.10~pre070720-0etch1_hppa.deb
      Size/MD5 checksum:  2338858 47f729c72d8843241cb88407e2e99e47

  Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.10~pre070720-0etch1_i386.deb
      Size/MD5 checksum: 10477338 deab48630b8aeb248bfa9397e88fd489
    http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.10~pre070720-0etch1_i386.deb
      Size/MD5 checksum:   587938 2f19c0f151b456a0c0e84b0812cb0dc6
    http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.10~pre070720-0etch1_i386.deb
      Size/MD5 checksum: 58688874 8e26e07fc8e55d38cde9091093e8ff08
    http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.10~pre070720-0etch1_i386.deb
      Size/MD5 checksum:   188700 2b399a919d4ee6ee8c5cf22db90e741c
    http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.10~pre070720-0etch1_i386.deb
      Size/MD5 checksum:    47678 a85d86cd967b44370ec1b3329b9728a5
    http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.10~pre070720-0etch1_i386.deb
      Size/MD5 checksum:  1889676 66d798529d1f56ce668f8d7eda66abd6

  Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.10~pre070720-0etch1_ia64.deb
      Size/MD5 checksum: 15794104 7cce099248b412a4189ad2d3243ed7b7
    http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.10~pre070720-0etch1_ia64.deb
      Size/MD5 checksum:   660672 c7a44faa5e50d8e9c4613c482d4815cd
    http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.10~pre070720-0etch1_ia64.deb
      Size/MD5 checksum: 59877166 2fe2866b66428866cfed2ab068829bf0
    http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.10~pre070720-0etch1_ia64.deb
      Size/MD5 checksum:   203708 775d91256820711eb33d3b4af4c1cfbb
    http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.10~pre070720-0etch1_ia64.deb
      Size/MD5 checksum:    61198 5f258d8b03704153bc66d2114d60fe55
    http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.10~pre070720-0etch1_ia64.deb
      Size/MD5 checksum:  2815616 ff8fbcd7ba8273161a4db64af91dd950

  Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.10~pre070720-0etch1_mipsel.deb
      Size/MD5 checksum: 10913650 a40d4caf40bf9b5d989b0cdbf12e9479
    http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.10~pre070720-0etch1_mipsel.deb
      Size/MD5 checksum:   594990 bf9e81b7f1498d5c60b673b08ba283a7
    http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.10~pre070720-0etch1_mipsel.deb
      Size/MD5 checksum: 59826020 60a3a22c5a6e42da3c3981ff89fd40ee
    http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.10~pre070720-0etch1_mipsel.deb
      Size/MD5 checksum:   190212 bad4a1f57643aa25603d6a1fdf85f83f
    http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.10~pre070720-0etch1_mipsel.deb
      Size/MD5 checksum:    48982 ec96058415e4b33329b6fc5d481f8c56
    http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.10~pre070720-0etch1_mipsel.deb
      Size/MD5 checksum:  1940378 3a1182500597f8f8d6db4671f187afd2

  PowerPC architecture:

    http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.10~pre070720-0etch1_powerpc.deb
      Size/MD5 checksum: 11312338 4f853beb774f7aecaca500031c0e182e
    http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.10~pre070720-0etch1_powerpc.deb
      Size/MD5 checksum:   595304 4ff550a168faee0f2dffd96b3839c097
    http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.10~pre070720-0etch1_powerpc.deb
      Size/MD5 checksum: 61603172 37d3070543aae6795d1f95eb1d97b1b1
    http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.10~pre070720-0etch1_powerpc.deb
      Size/MD5 checksum:   191070 c11775a74df72fe1965aeb50f0f5e2e7
    http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.10~pre070720-0etch1_powerpc.deb
      Size/MD5 checksum:    48634 031194e9c64f17085308d05dc47de49f
    http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.10~pre070720-0etch1_powerpc.deb
      Size/MD5 checksum:  2005522 2c4907581d26e19441faed3a2a76a87e

  IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.10~pre070720-0etch1_s390.deb
      Size/MD5 checksum: 12291720 be79de8e773f1cbf83d34f837f0d3637
    http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.10~pre070720-0etch1_s390.deb
      Size/MD5 checksum:   610698 4f6e4f45769b6cf87a498b7dece5157c
    http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.10~pre070720-0etch1_s390.deb
      Size/MD5 checksum: 60372220 a25f1221df24b6d51d66b5f3d4751210
    http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.10~pre070720-0etch1_s390.deb
      Size/MD5 checksum:   195860 25f6e1809320a9b0d111908cec8e309a
    http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.10~pre070720-0etch1_s390.deb
      Size/MD5 checksum:    53194 754ae50a15664184d0e70de39cee22b5
    http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.10~pre070720-0etch1_s390.deb
      Size/MD5 checksum:  2184640 8dffbcd81a31d460d94243fab5ce8049

  Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.10~pre070720-0etch1_sparc.deb
      Size/MD5 checksum: 10657254 83e7468e55d66d7f36d6903f5bb25fcd
    http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.10~pre070720-0etch1_sparc.deb
      Size/MD5 checksum:   584296 8a64241ccc10cda38927ad6f15af34ce
    http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.10~pre070720-0etch1_sparc.deb
      Size/MD5 checksum: 58501456 3e53e44bd0b33aaed55a6feab1839fc5
    http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.10~pre070720-0etch1_sparc.deb
      Size/MD5 checksum:   188616 4807d32457222d895b243cd44e390328
    http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.10~pre070720-0etch1_sparc.deb
      Size/MD5 checksum:    47260 3b1cf8ec9939812c886ba3378554e73a
    http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.10~pre070720-0etch1_sparc.deb
      Size/MD5 checksum:  1894688 b8a4207b5edc44f0e24e362db96a6ff7


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce () lists debian org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFGpUB+Xm3vHE4uyloRAtK+AKCFyK4tO8NzTFh/dsfPkCjMt+kYmgCg52na
gYCMrox+ckaLZhG90jKyiXM=
=OOIl
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


  By Date           By Thread  

Current thread:
  • [SECURITY] [DSA 1339-1] New iceape packages fix several vulnerabilities Moritz Muehlenhoff (Jul 24)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]