From: [email protected]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------ Debian Security Advisory DSA-1697-1 [email protected] http://www.debian.org/security/ Steffen Joeris January 07, 2009 http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package : iceape
Vulnerability : several vulnerabilities
Problem type : remote
Debian-specific: no
CVE ID : CVE-2008-0016 CVE-2008-0304 CVE-2008-2785 CVE-2008-2798 CVE-2008-2799 CVE-2008-2800
CVE-2008-2801 CVE-2008-2802 CVE-2008-2803 CVE-2008-2805 CVE-2008-2807 CVE-2008-2808 CVE-2008-2809
CVE-2008-2810 CVE-2008-2811 CVE-2008-2933 CVE-2008-3835 CVE-2008-3836 CVE-2008-3837 CVE-2008-4058
CVE-2008-4059 CVE-2008-4060 CVE-2008-4061 CVE-2008-4062 CVE-2008-4065 CVE-2008-4067 CVE-2008-4068
CVE-2008-4069 CVE-2008-4070 CVE-2008-5012 CVE-2008-5013 CVE-2008-5014 CVE-2008-5017 CVE-2008-0017
CVE-2008-5021 CVE-2008-5022 CVE-2008-5500 CVE-2008-5503 CVE-2008-5506 CVE-2008-5507 CVE-2008-5508
CVE-2008-5511 CVE-2008-5512

Several remote vulnerabilities have been discovered in Iceape an
unbranded version of the Seamonkey internet suite. The Common
Vulnerabilities and Exposures project identifies the following problems:

CVE-2008-0016

Justin Schuh, Tom Cross and Peter Williams discovered a buffer
overflow in the parser for UTF-8 URLs, which may lead to the
execution of arbitrary code. (MFSA 2008-37)

CVE-2008-0304

It was discovered that a buffer overflow in MIME decoding can lead
to the execution of arbitrary code. (MFSA 2008-26)

CVE-2008-2785

It was discovered that missing boundary checks on a reference
counter for CSS objects can lead to the execution of arbitrary code.
(MFSA 2008-34)

CVE-2008-2798

Devon Hubbard, Jesse Ruderman and Martijn Wargers discovered
crashes in the layout engine, which might allow the execution of
arbitrary code. (MFSA 2008-21)

CVE-2008-2799

Igor Bukanov, Jesse Ruderman and Gary Kwong discovered crashes in
the Javascript engine, which might allow the execution of arbitrary
code. (MFSA 2008-21)

CVE-2008-2800

"moz_bug_r_a4" discovered several cross-site scripting vulnerabilities.
(MFSA 2008-22)

CVE-2008-2801

Collin Jackson and Adam Barth discovered that Javascript code
could be executed in the context or signed JAR archives. (MFSA 2008-23)

CVE-2008-2802

"moz_bug_r_a4" discovered that XUL documements can escalate
privileges by accessing the pre-compiled "fastload" file.
(MFSA 2008-24)

CVE-2008-2803

"moz_bug_r_a4" discovered that missing input sanitising in the
mozIJSSubScriptLoader.loadSubScript() function could lead to the
execution of arbitrary code. Iceape itself is not affected, but
some addons are. (MFSA 2008-25)

CVE-2008-2805

Claudio Santambrogio discovered that missing access validation in
DOM parsing allows malicious web sites to force the browser to
upload local files to the server, which could lead to information
disclosure. (MFSA 2008-27)

CVE-2008-2807

Daniel Glazman discovered that a programming error in the code for
parsing .properties files could lead to memory content being
exposed to addons, which could lead to information disclosure.
(MFSA 2008-29)

CVE-2008-2808

Masahiro Yamada discovered that file URLS in directory listings
were insufficiently escaped. (MFSA 2008-30)

CVE-2008-2809

John G. Myers, Frank Benkstein and Nils Toedtmann discovered that
alternate names on self-signed certificates were handled
insufficiently, which could lead to spoofings of secure connections.
(MFSA 2008-31)

CVE-2008-2810

It was discovered that URL shortcut files could be used to bypass the
same-origin restrictions. This issue does not affect current Iceape,
but might occur with additional extensions installed. (MFSA 2008-32)

CVE-2008-2811

Greg McManus discovered a crash in the block reflow code, which might
allow the execution of arbitrary code. (MFSA 2008-33)

CVE-2008-2933

Billy Rios discovered that passing an URL containing a pipe symbol
to Iceape can lead to Chrome privilege escalation. (MFSA 2008-35)

CVE-2008-3835

"moz_bug_r_a4" discovered that the same-origin check in
nsXMLDocument::OnChannelRedirect() could be bypassed. (MFSA 2008-38)

CVE-2008-3836

"moz_bug_r_a4" discovered that several vulnerabilities in
feedWriter could lead to Chrome privilege escalation. (MFSA 2008-39)

CVE-2008-3837

Paul Nickerson discovered that an attacker could move windows
during a mouse click, resulting in unwanted action triggered by
drag-and-drop. (MFSA 2008-40)

CVE-2008-4058

"moz_bug_r_a4" discovered a vulnerability which can result in
Chrome privilege escalation through XPCNativeWrappers. (MFSA 2008-41)

CVE-2008-4059

"moz_bug_r_a4" discovered a vulnerability which can result in
Chrome privilege escalation through XPCNativeWrappers. (MFSA 2008-41)

CVE-2008-4060

Olli Pettay and "moz_bug_r_a4" discovered a Chrome privilege
escalation vulnerability in XSLT handling. (MFSA 2008-41)

CVE-2008-4061

Jesse Ruderman discovered a crash in the layout engine, which might
allow the execution of arbitrary code. (MFSA 2008-42)

CVE-2008-4062

Igor Bukanov, Philip Taylor, Georgi Guninski and Antoine Labour
discovered crashes in the Javascript engine, which might allow the
execution of arbitrary code. (MFSA 2008-42)

CVE-2008-4065

Dave Reed discovered that some Unicode byte order marks are
stripped from Javascript code before execution, which can result in
code being executed, which were otherwise part of a quoted string.
(MFSA 2008-43)

CVE-2008-4067

Boris Zbarsky discovered that resource: URls allow directory
traversal when using URL-encoded slashes. (MFSA 2008-44)

CVE-2008-4068


[continued in next message]

--- SoupGate-Win32 v1.05
* Origin: you cannot sedate... all the things you hate (1:229/2)